My Windows Defender has detected a couple of Trojans and I need someone to help me remove them. It has detected the following:
Trojan:Win32/Vundo.gen!Y, Trojan:Win32/Conhook.D, Trojan:Win32/Vundo.gen!C, Trojan:Win32/Vundo.D, Adware:Win32/InternetSpeedMonitor, Trojan:Win32/Vundo
These are the .dll files I have removed personally from my C:\WINDOWS\system32\ folder; they were involved with the Trojan/Adware:
C:\WINDOWS\system32\iiffDVpN.dll
C:\Program Files\GetPack\GetPack26.exe
C:\Program Files\GetModule\GetModule32.exe
C:\WINDOWS\system32\khfDtSjJ.dll
C:\WINDOWS\system32\naszal.dll
C:\WINDOWS\system32\wroumsms.dll
C:\WINDOWS\system32\byXOeDWQ.dll
C:\WINDOWS\system32\jkkLDTmM.dll
C:\WINDOWS\system32\opnkkliH.dll
I have also found some unwanted/never-installed files in Program Files. They are Qoobox, GetPack26, GetModule36.
I am also going to show the history from my Windows Defender of when these items were detected:
Category:
Trojan
Description:
This program displays advertisements and may be difficult to remove.
Advice:
Remove this software immediately.
Resources:
process:
pid:2096
clsid:
HKLM\SOFTWARE\CLASSES\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
regkey:
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
regkey:
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
regkey:
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\khfDtSjJ
regkey:
HKLM\SOFTWARE\CLASSES\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
bho:
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
shellexechook:
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
winlognotif:
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\khfDtSjJ
file:
C:\WINDOWS\system32\khfDtSjJ.dll
Category:
Trojan
Description:
This program is dangerous and installs other programs.
Advice:
Remove this software immediately.
Resources:
process:
pid:3712
clsid:
HKLM\Software\Classes\CLSID\{dea83b9f-509b-49f1-95c7-7a86bf4cfd48}
regkey:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dea83b9f-509b-49f1-95c7-7a86bf4cfd48}
regkey:
HKLM\Software\Classes\CLSID\{dea83b9f-509b-49f1-95c7-7a86bf4cfd48}
regkey:
HKCU@S-1-5-21-248443124-3853638973-3280566910-1008\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DEA83B9F-509B-49F1-95C7-7A86BF4CFD48}
bho:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dea83b9f-509b-49f1-95c7-7a86bf4cfd48}
appinitdll:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs:naszal.dll
ieaddon:
HKCU@S-1-5-21-248443124-3853638973-3280566910-1008\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DEA83B9F-509B-49F1-95C7-7A86BF4CFD48}
file:
C:\WINDOWS\system32\naszal.dll
Category:
Trojan
Description:
This program displays advertisements and may be difficult to remove.
Advice:
Remove this software immediately.
Resources:
process:
pid:3580
process:
pid:2572
regkey:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\7e65aeb1
runkey:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\7e65aeb1
file:
C:\WINDOWS\system32\wroumsms.dll
Category:
Trojan
Description:
This program displays advertisements and may be difficult to remove.
Advice:
Remove this software immediately.
Resources:
process:
pid:3268
process:
pid:1712
clsid:
HKLM\SOFTWARE\CLASSES\CLSID\{15CC0BD9-4E66-48B8-87AD-44DE03EAEED6}
regkey:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15CC0BD9-4E66-48B8-87AD-44DE03EAEED6}
regkey:
HKLM\SOFTWARE\CLASSES\CLSID\{15CC0BD9-4E66-48B8-87AD-44DE03EAEED6}
regkey:
HKCU@S-1-5-21-248443124-3853638973-3280566910-1008\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{15CC0BD9-4E66-48B8-87AD-44DE03EAEED6}
bho:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15CC0BD9-4E66-48B8-87AD-44DE03EAEED6}
ieaddon:
HKCU@S-1-5-21-248443124-3853638973-3280566910-1008\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{15CC0BD9-4E66-48B8-87AD-44DE03EAEED6}
lsapackage:
HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\LSA\\AUTHENTICATION PACKAGES:C:\WINDOWS\system32\byXOeDWQ
file:
C:\WINDOWS\system32\byXOeDWQ.dll
Category:
Trojan
Description:
This program displays advertisements and may be difficult to remove.
Advice:
Remove this software immediately.
Resources:
process:
pid:1076
clsid:
HKLM\SOFTWARE\CLASSES\CLSID\{2769040C-B5E5-446F-95D1-CCCE449BF08D}
regkey:
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{2769040C-B5E5-446F-95D1-CCCE449BF08D}
regkey:
HKLM\SOFTWARE\CLASSES\CLSID\{2769040C-B5E5-446F-95D1-CCCE449BF08D}
regkey:
HKCU@S-1-5-21-248443124-3853638973-3280566910-1008\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{2769040C-B5E5-446F-95D1-CCCE449BF08D}
bho:
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{2769040C-B5E5-446F-95D1-CCCE449BF08D}
ieaddon:
HKCU@S-1-5-21-248443124-3853638973-3280566910-1008\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{2769040C-B5E5-446F-95D1-CCCE449BF08D}
lsapackage:
HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\LSA\\AUTHENTICATION PACKAGES:C:\WINDOWS\system32\jkkLDTmM
file:
C:\WINDOWS\system32\jkkLDTmM.dll
Category:
Trojan
Description:
This program displays advertisements and may be difficult to remove.
Advice:
Remove this software immediately.
Resources:
process:
pid:4012
clsid:
HKLM\Software\Classes\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
regkey:
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
regkey:
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\opnkkliH
regkey:
HKLM\Software\Classes\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
shellexechook:
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
winlognotif:
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\opnkkliH
file:
C:\WINDOWS\system32\opnkkliH.dll
Category:
Adware
Description:
This program delivers advertisements and tracks activity.
Advice:
Review the alert details to see why the software was detected. If you do not like how the software operates or if you do not recognize and trust the publisher, consider blocking or removing the software.
Resources:
process:
pid:3964
process:
pid:2684
regkey:
HKCU@S-1-5-21-248443124-3853638973-3280566910-1008\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\GetPack26
regkey:
HKCU@S-1-5-21-248443124-3853638973-3280566910-1008\Software\Microsoft\Windows\CurrentVersion\Run\\GetModule32
runkey:
HKCU@S-1-5-21-248443124-3853638973-3280566910-1008\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\GetPack26
runkey:
HKCU@S-1-5-21-248443124-3853638973-3280566910-1008\Software\Microsoft\Windows\CurrentVersion\Run\\GetModule32
file:
C:\Program Files\GetPack\GetPack26.exe
file:
C:\Program Files\GetModule\GetModule32.exe
Category:
Trojan
Description:
This program displays advertisements and may be difficult to remove.
Advice:
Remove this software immediately.
Resources:
file:
C:\WINDOWS\system32\iiffDVpN.dll
My Windows Defender has succeeded in removing these files, but they keep showing up. I am going to post a HijackThis log; please tell me what to do. Thank you for helping me.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:47, on 2009-01-04
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us8l.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://internet.hrbl.../proxy_pac_file
R3 - URLSearchHook: (no name) - {affa8b5f-909b-492b-952a-bc1b2ac37395} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {2769040C-B5E5-446F-95D1-CCCE449BF08D} - C:\WINDOWS\system32\jkkLDTmM.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (file missing)
O3 - Toolbar: (no name) - {affa8b5f-909b-492b-952a-bc1b2ac37395} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [LanTalk.NET] C:\Program Files\CEZEO software\LanTalk NET\LanTalk.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe
O4 - HKCU\..\Run: [CryptLoad] C:\Documents and Settings\Devansh\Desktop\CryptLoad_RS_MUDownloader_v1.04_ByMechodownload\CryptLoad RS&MUDownloader v1.04_ByMechodownload\CryptLoad_1.0.4\RouterClient.exe
O4 - HKCU\..\Run: [SmsDiscount] "C:\Program Files\SmsDiscount.com\SmsDiscount\SmsDiscount.exe" -nosplash -minimized
O4 - HKCU\..\Run: [cfgcomadm] C:\WINDOWS\system32\nevyrqly.exe
O4 - HKCU\..\Run: [C:\Documents and Settings\Devansh\Desktop\BlackBerry_JDE_Components_4.5.0.exe] C:\Documents and Settings\Devansh\Desktop\BlackBerry_JDE_Components_4.5.0.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [YBlEiyprNI] C:\Documents and Settings\All Users\Application Data\xwzsbyts\tuxwlavi.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: SiteCatalyst ClickMap - {5BB29DC6-4046-4aa1-B590-C29372456BA0} - C:\WINDOWS\Downloaded Program Files\ClickMap.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com
O16 - DPF: bandInstaller - https://sc.omniture....apInstaller.CAB
O16 - DPF: vzTCPConfig - http://www2.verizon....vzTCPConfig.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://udit.taxcut....html/AtxEnc.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...C_2.3.7.109.cab
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2p...bs/QOLCheck.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {55E515F7-0FA2-4610-874E-028107E766A3} (eWebEditProLibCtl3.eWebEditPro) - http://titan.kc.hrbl...webeditpro3.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {8990AFAD-D352-42AC-A72F-A660BBF6E209} (OfficeScan Management Console) - https://udit.taxcut..../AtxConsole.cab
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - http://192.223.249.9...aDownloader.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...0/installer.exe
O20 - Winlogon Notify: opnkkliH - opnkkliH.dll (file missing)
O21 - SSODL: StrUtil - {08AA84D9-CBF4-F2DD-3E1A-01F02C470590} - C:\Program Files\dhahmac\StrUtil.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
--
End of file - 10803 bytes
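The Defender history above carries the detail that matters for triage: the same CLSID, {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}, is registered first for khfDtSjJ.dll and later for opnkkliH.dll, with identical ShellExecuteHooks and Winlogon Notify entries, and other components sit in AppInit_DLLs and the LSA Authentication Packages list. Those registry hooks are the stable part of the infection; the DLL names are regenerated each time a file is deleted, which is why hand-deleting files in system32 only produces "(file missing)" orphans in the HijackThis log while the detections keep coming back. The script below is an added example written for this page, not part of the original post or of any tool mentioned in the thread. It parses the flattened Defender "key:/value" dump and the HijackThis O-lines (sample input constructed from lines quoted above), groups detections by CLSID so that renamed drops of one component show up together, and flags orphaned entries, Vundo-style random 8-letter names, and the rarely legitimate Policies\Explorer\Run key. The random-name test is a heuristic triage hint, not a verdict; vendor names such as wltrysvc would also trip it.

```python
import re
from collections import defaultdict

# Constructed sample input: a subset of the Windows Defender history records and
# HijackThis lines quoted in the post above, trimmed to what the parser needs.
DEFENDER_HISTORY = r"""
Category:
Trojan
Resources:
clsid:
HKLM\SOFTWARE\CLASSES\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
shellexechook:
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
winlognotif:
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\khfDtSjJ
file:
C:\WINDOWS\system32\khfDtSjJ.dll
Category:
Trojan
Resources:
appinitdll:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs:naszal.dll
file:
C:\WINDOWS\system32\naszal.dll
Category:
Trojan
Resources:
clsid:
HKLM\Software\Classes\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
winlognotif:
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\opnkkliH
file:
C:\WINDOWS\system32\opnkkliH.dll
"""

HJT_LINES = r"""
O2 - BHO: (no name) - {2769040C-B5E5-446F-95D1-CCCE449BF08D} - C:\WINDOWS\system32\jkkLDTmM.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cfgcomadm] C:\WINDOWS\system32\nevyrqly.exe
O4 - HKLM\..\Policies\Explorer\Run: [YBlEiyprNI] C:\Documents and Settings\All Users\Application Data\xwzsbyts\tuxwlavi.exe
O20 - Winlogon Notify: opnkkliH - opnkkliH.dll (file missing)
O21 - SSODL: StrUtil - {08AA84D9-CBF4-F2DD-3E1A-01F02C470590} - C:\Program Files\dhahmac\StrUtil.dll (file missing)
"""

GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
HJT_RE = re.compile(r"^(O\d+) - (.*)$")
VOWELS = set("aeiou")


def parse_defender_history(text):
    """Turn the flattened 'key:' / 'value' dump into one dict-of-lists per detection."""
    records, current, key = [], None, None
    for line in text.strip().splitlines():
        line = line.strip()
        if line == "Category:":                       # every detection starts here
            current = defaultdict(list)
            records.append(current)
            key = "category"
        elif line.endswith(":") and " " not in line:  # a key such as "winlognotif:"
            key = line[:-1].lower()
        elif current is not None and key:             # the value for the pending key
            current[key].append(line)
            key = None
    return records


def group_by_clsid(records):
    """Map each CLSID to the file names Defender tied to it; renamed drops of one
    component share a CLSID even though the DLL name changes."""
    by_clsid = defaultdict(set)
    for rec in records:
        for value in rec.get("clsid", []):
            match = GUID_RE.search(value)
            if match:
                for path in rec.get("file", []):
                    by_clsid[match.group(0).upper()].add(path.rsplit("\\", 1)[-1])
    return by_clsid


def looks_random(name):
    """Heuristic (assumption, not a verdict): an 8-letter stem that is mixed-case
    (khfDtSjJ) or nearly vowel-free (nevyrqly). Expect false positives on vendor names."""
    stem = name.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if not (len(stem) == 8 and stem.isalpha()):
        return False
    mixed_case = stem != stem.lower() and stem != stem.upper()
    few_vowels = sum(c in VOWELS for c in stem.lower()) <= 2
    return mixed_case or few_vowels


def triage_hijackthis(text):
    """Return (section, target, reasons) for every O-line that deserves a look."""
    findings = []
    for line in text.strip().splitlines():
        match = HJT_RE.match(line.strip())
        if not match:
            continue
        section, body = match.groups()
        reasons = []
        orphaned = body.endswith("(file missing)")
        if orphaned:
            reasons.append("orphaned entry: registry hook survives, target file is gone")
        target = body[: -len("(file missing)")].strip() if orphaned else body
        # The target is what follows "] " on Run lines, otherwise the last " - " field.
        target = target.split("] ", 1)[1] if "] " in target else target.rsplit(" - ", 1)[-1]
        if looks_random(target):
            reasons.append("random-looking 8-letter name")
        if "Policies\\Explorer\\Run" in body:
            reasons.append("Policies\\Explorer\\Run key (rarely used by legitimate software)")
        if reasons:
            findings.append((section, target, reasons))
    return findings


if __name__ == "__main__":
    for clsid, files in group_by_clsid(parse_defender_history(DEFENDER_HISTORY)).items():
        print(clsid, "->", ", ".join(sorted(files)))
    for section, target, reasons in triage_hijackthis(HJT_LINES):
        print(section, target, "|", "; ".join(reasons))
```

Paste a full Defender history and HijackThis log in place of the constructed samples and the CLSID grouping shows which "new" DLL is really the old component re-registered; the orphaned entries are the ones a HijackThis fix can safely remove, while the random-name hits and anything in AppInit_DLLs or Authentication Packages are the live loaders that need a scan from outside the running system, which is what the rootkit scan requested below is for.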
[Resolved] Help Removing Trojan:Win32/Vundo.gen!Y, etc
#2
Posted 05 January 2009 - 11:11 AM
Hello, Devansh
:welcome: to 247Fixes.com
My name is BillyIII and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
- In the meantime, please refrain from making any changes to your computer.
- Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
- If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
- Finally, please reply using the Reply button in the lower left hand corner of your screen.
We need to create an OTViewIt Report
- Please download OTViewIt by OldTimer.
- Save it to your desktop.
- Double click on the OTViewIt icon on your desktop.
- Click the "Scan All Users" checkbox.
- Push the Run Scan button.
- Two reports will open, copy and paste them in a reply here:
- OTViewIt.txt <-- Will be opened
- Extra.txt <-- Will be minimized
We need to scan for Rootkits with GMER
- Please download GMER from one of the following mirrors:
- Close any and all open programs, as this process may crash your computer.
- Unzip the downloaded file to your desktop.
- Double click the GMER icon on your desktop.
- Allow the gmer.sys driver to load if asked.
- You may see a warning window at this point. If you do, click No.
- Click on Scan and wait for the scan to finish.
- If you see a rootkit warning window, click OK.
- Push Save and save the logfile to your desktop.
- Copy and Paste the contents of that file in your next post.
In your next reply, please include the following:
- OTViewIt.txt
- Extra.txt
- GMER's Log
BillyIII
#3
Posted 05 January 2009 - 08:46 PM
Thank you very much for the reply. Here is the stuff you asked me to do.
OTViewIT:
OTViewIt logfile created on: 2009-01-05 2:37:24 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Devansh\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd
958.98 Mb Total Physical Memory | 500.36 Mb Available Physical Memory | 52.18% Memory free
1.51 Gb Paging File | 1.16 Gb Available in Paging File | 76.39% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.30 Gb Total Space | 8.70 Gb Free Space | 29.68% Space Free | Partition Type: NTFS
Drive D: | 26.58 Gb Total Space | 25.01 Gb Free Space | 94.11% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: STUDYTIME
Current User Name: Devansh
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
========== Processes ==========
[2006-11-03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
[2008-11-07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008-02-29 08:27:53 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe
[2008-02-29 08:28:16 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgupsvc.exe
[2005-08-12 16:37:50 | 01,504,256 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
[2002-08-15 13:11:00 | 00,151,552 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPConfig.exe
[2003-01-14 17:12:14 | 00,053,248 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
[2004-01-13 08:51:10 | 00,045,056 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
[2001-05-01 20:06:22 | 00,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe
[2006-10-18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
[2008-10-16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2004-01-13 08:51:08 | 00,499,712 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\BCMWLTRY.EXE
[2002-08-14 20:29:38 | 00,290,816 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[2003-03-13 10:14:42 | 00,102,400 | ---- | M] (Dritek System Inc.) -- C:\Program Files\HPQ\One-Touch\ONETOUCH.EXE
[2005-02-02 19:12:24 | 00,102,492 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[2005-02-02 19:11:14 | 00,692,316 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[2003-05-21 15:35:50 | 00,004,608 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\carpserv.exe
[2008-10-16 14:05:10 | 00,590,848 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgcc.exe
[2008-01-28 19:39:59 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2008-06-10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2006-10-18 19:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
[2008-04-23 02:38:16 | 00,029,696 | -H-- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2008-10-16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008-12-17 20:01:53 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2009-01-05 14:37:12 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Devansh\Desktop\OTViewIt.exe
========== (O23) Win32 Services ==========
[2008-11-07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007-10-24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008-02-29 08:27:53 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe -- (Avg7Alrt [Auto | Running])
[2008-02-29 08:28:16 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgupsvc.exe -- (Avg7UpdSvc [Auto | Running])
[2007-10-24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2005-08-12 16:37:50 | 01,504,256 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND [Auto | Running])
[2002-08-15 13:11:00 | 00,151,552 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPConfig.exe -- (HPConfig [Auto | Running])
[2003-01-14 17:12:14 | 00,053,248 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe -- (HPWirelessMgr [Auto | Running])
[2005-04-03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008-11-20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
File not found -- -- (MSSQLServerADHelper [On_Demand | Stopped])
[2007-08-24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006-10-26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007-02-10 05:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Stopped])
[2006-11-03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
[2004-01-13 08:51:10 | 00,045,056 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE -- (WLTRYSVC [Auto | Running])
[2001-05-01 20:06:22 | 00,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])
[2006-10-18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])
========== Driver Services ==========
[2001-08-17 16:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Boot | Running])
[2003-07-10 06:16:46 | 00,026,112 | R--- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliirda.sys -- (ALiIRDA [On_Demand | Running])
[2005-11-21 00:48:20 | 00,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32 [Auto | Running])
[2004-05-15 18:29:12 | 00,701,952 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2008-02-29 08:28:20 | 00,821,856 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avg7core.sys -- (Avg7Core [System | Running])
[2008-02-29 08:28:25 | 00,004,224 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avg7rsw.sys -- (Avg7RsW [System | Running])
[2008-02-29 08:28:26 | 00,027,776 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avg7rsxp.sys -- (Avg7RsXP [System | Running])
[2008-02-29 08:29:50 | 00,010,760 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avgclean.sys -- (AvgClean [System | Running])
[2006-10-12 23:26:56 | 00,604,928 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX [On_Demand | Running])
[2009-01-02 15:50:39 | 00,163,456 | ---- | M] () -- C:\WINDOWS\system32\drivers\vidstub.sys -- (BootScreen [Boot | Running])
[2002-07-18 08:07:50 | 00,023,602 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atisgkaf.SYS -- (caboagp [Boot | Running])
[2004-02-17 17:58:40 | 00,292,352 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\system32\drivers\caliaud.sys -- (CALIAUD [On_Demand | Running])
[2004-02-17 17:59:18 | 00,273,536 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\system32\drivers\calihal.sys -- (CALIHALA [On_Demand | Running])
[2008-01-04 16:58:46 | 00,009,336 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
[2008-01-04 16:58:46 | 00,009,464 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
[2003-01-01 07:34:42 | 00,259,456 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp [System | Running])
[2001-08-17 02:13:20 | 00,027,164 | ---- | M] (Xircom, Inc.) -- C:\WINDOWS\system32\drivers\CE3N5.SYS -- (CE3 [On_Demand | Stopped])
[2005-05-17 03:51:34 | 00,005,315 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA [On_Demand | Stopped])
[2005-08-12 16:35:56 | 00,305,739 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA [On_Demand | Running])
[2002-10-16 07:15:54 | 00,014,543 | ---- | M] (Dritek System Inc.) -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr [On_Demand | Running])
[2004-11-03 11:07:24 | 00,146,888 | ---- | M] (Deterministic Networks, Inc.) -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE [On_Demand | Running])
[2008-04-13 13:39:46 | 00,206,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dot4.sys -- (Dot4 [On_Demand | Stopped])
[2001-08-17 12:47:32 | 00,012,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\Dot4Prt.sys -- (Dot4Print [On_Demand | Stopped])
[2003-07-16 20:01:02 | 00,028,280 | ---- | M] (National Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\DP83815.sys -- (DP83815 [On_Demand | Stopped])
[2003-07-18 20:25:16 | 00,021,993 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K [On_Demand | Stopped])
[2008-04-17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2002-07-17 15:09:12 | 00,014,504 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\drivers\hpci.sys -- (HPCI [On_Demand | Running])
[2004-12-15 13:18:28 | 00,205,696 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWALI.sys -- (HSFHWALI [On_Demand | Running])
[2003-05-21 15:31:22 | 01,063,040 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP [On_Demand | Stopped])
[2004-12-15 14:19:08 | 01,038,208 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
[2008-04-13 13:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2006-09-18 17:38:26 | 00,015,584 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X [Auto | Running])
[2006-06-19 13:26:58 | 00,012,672 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2003-07-18 20:25:14 | 00,022,745 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K [On_Demand | Running])
[2001-08-17 16:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
[2008-04-13 13:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm [On_Demand | Stopped])
[2003-03-30 21:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2003-07-18 20:25:10 | 00,118,409 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k [System | Running])
[2008-01-04 16:58:46 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2007-01-18 10:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort [On_Demand | Stopped])
[2003-03-30 21:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM [On_Demand | Stopped])
[2008-04-13 13:40:48 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sbp2port.sys -- (sbp2port [Boot | Stopped])
[2007-11-13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2001-08-17 02:10:28 | 00,035,913 | ---- | M] (SMC) -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA [On_Demand | Stopped])
[2003-05-21 15:35:56 | 00,030,592 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\strmdisp.sys -- (StreamDispatcher [Auto | Running])
[2005-02-02 18:59:00 | 00,191,456 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2004-02-04 10:27:56 | 00,049,536 | ---- | M] (Texas Instruments Incorporated) -- C:\WINDOWS\system32\drivers\tiehdusb.sys -- (TIEHDUSB [On_Demand | Stopped])
[2003-07-18 20:22:06 | 00,213,120 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\UdfReadr_xp.sys -- (UdfReadr_xp [System | Running])
[2008-10-01 13:01:28 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2005-01-26 04:22:20 | 00,280,344 | ---- | M] (Zone Labs LLC) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [On_Demand | Stopped])
[2004-12-15 14:18:28 | 00,703,232 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2008-04-13 13:36:38 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi [System | Stopped])
========== (R ) Internet Explorer ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://us8l.hpwis.com/
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
"provider"=
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{affa8b5f-909b-492b-952a-bc1b2ac37395}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\S-1-5-21-248443124-3853638973-3280566910-1008\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://us8l.hpwis.com/
[HKEY_USERS\S-1-5-21-248443124-3853638973-3280566910-1008\Software\Microsoft\Internet Explorer\SearchURL]
""=http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
"provider"=
[HKEY_USERS\S-1-5-21-248443124-3853638973-3280566910-1008\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{affa8b5f-909b-492b-952a-bc1b2ac37395}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
[HKEY_USERS\S-1-5-21-248443124-3853638973-3280566910-1008\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-248443124-3853638973-3280566910-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
========== (O1) Hosts File ==========
HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
========== (O2) BHO's ==========
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{2769040C-B5E5-446F-95D1-CCCE449BF08D} (HKLM) -- C:\WINDOWS\system32\jkkLDTmM.dll File not found
{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
========== (O3) Toolbars ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{affa8b5f-909b-492b-952a-bc1b2ac37395}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{D0943516-5076-4020-A3B5-AEFAF26AB263}" (HKLM) -- C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll File not found
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{AFFA8B5F-909B-492B-952A-BC1B2AC37395}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
[HKEY_USERS\S-1-5-21-248443124-3853638973-3280566910-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
[HKEY_USERS\S-1-5-21-248443124-3853638973-3280566910-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{AFFA8B5F-909B-492B-952A-BC1B2AC37395}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
[HKEY_USERS\S-1-5-21-248443124-3853638973-3280566910-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
========== (O4) Run Keys ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP (GRISOFT, s.r.o.)
"CARPService"=carpserv.exe (Conexant Systems, Inc.)
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe ()
"Display Settings"=C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s (Hewlett-Packard)
"LanTalk.NET"=C:\Program Files\CEZEO software\LanTalk NET\LanTalk.exe File not found
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript File not found
"QT4HPOT"=C:\Program Files\HPQ\One-Touch\OneTouch.EXE (Dritek System Inc.)
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" (Roxio)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
"TV Now"=C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK ()
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" File not found
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\Documents and Settings\Devansh\Desktop\BlackBerry_JDE_Components_4.5.0.exe"=C:\Documents and Settings\Devansh\Desktop\BlackBerry_JDE_Components_4.5.0.exe File not found
"cfgcomadm"=C:\WINDOWS\system32\nevyrqly.exe File not found
"CryptLoad"=C:\Documents and Settings\Devansh\Desktop\CryptLoad_RS_MUDownloader_v1.04_ByMechodownload\CryptLoad RS&MUDownloader v1.04_ByMechodownload\CryptLoad_1.0.4\RouterClient.exe File not found
"ProxyWay"=C:\Program Files\ProxyWay\proxyway.exe File not found
"SmsDiscount"="C:\Program Files\SmsDiscount.com\SmsDiscount\SmsDiscount.exe" -nosplash -minimized File not found
"Uniblue RegistryBooster 2"=C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S File not found
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"=C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (GRISOFT, s.r.o.)
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"=C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (GRISOFT, s.r.o.)
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-248443124-3853638973-3280566910-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\Documents and Settings\Devansh\Desktop\BlackBerry_JDE_Components_4.5.0.exe"=C:\Documents and Settings\Devansh\Desktop\BlackBerry_JDE_Components_4.5.0.exe File not found
"cfgcomadm"=C:\WINDOWS\system32\nevyrqly.exe File not found
"CryptLoad"=C:\Documents and Settings\Devansh\Desktop\CryptLoad_RS_MUDownloader_v1.04_ByMechodownload\CryptLoad RS&MUDownloader v1.04_ByMechodownload\CryptLoad_1.0.4\RouterClient.exe File not found
"ProxyWay"=C:\Program Files\ProxyWay\proxyway.exe File not found
"SmsDiscount"="C:\Program Files\SmsDiscount.com\SmsDiscount\SmsDiscount.exe" -nosplash -minimized File not found
"Uniblue RegistryBooster 2"=C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S File not found
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
========== (O4) Startup Folders ==========
[2008-04-23 02:38:16 | 00,029,696 | -H-- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2008-05-15 09:54:00 | 00,006,144 | R--- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{00CD55D6-EE5A-4570-9875-8A306628C032}\Icon3E5562ED7.ico
========== (O6 & O7) Current Version Policies ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"AllowLegacyWebView"=1
"AllowUnhashedWebView"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"YBlEiyprNI"=C:\Documents and Settings\All Users\Application Data\xwzsbyts\tuxwlavi.exe -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0
"NoDriveAutoRun"=67108863
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0
"NoDriveAutoRun"=67108863
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\S-1-5-21-248443124-3853638973-3280566910-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
========== (O8) IE Context Menu Extensions ==========
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008-12-12 15:30:30 | 17,858,560 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE File not found
[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE File not found
[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found
[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found
[HKEY_USERS\S-1-5-21-248443124-3853638973-3280566910-1008\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008-12-12 15:30:30 | 17,858,560 | ---- | M] (Microsoft Corporation)
========== (O9) IE Extensions ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008-06-10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{5BB29DC6-4046-4aa1-B590-C29372456BA0}: Button: SiteCatalyst ClickMap -- %SystemRoot%\Downloaded Program Files\ClickMap.dll File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006-10-26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008-04-13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008-04-13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008-04-13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003-02-28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{5BB29DC6-4046-4aa1-B590-C29372456BA0} [HKLM] -> %SystemRoot%\Downloaded Program Files\ClickMap.dll [SiteCatalyst ClickMap] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006-10-26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008-04-13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003-02-28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{5BB29DC6-4046-4aa1-B590-C29372456BA0} [HKLM] -> %SystemRoot%\Downloaded Program Files\ClickMap.dll [SiteCatalyst ClickMap] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006-10-26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008-04-13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003-02-28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{5BB29DC6-4046-4aa1-B590-C29372456BA0} [HKLM] -> %SystemRoot%\Downloaded Program Files\ClickMap.dll [SiteCatalyst ClickMap] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006-10-26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008-04-13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-248443124-3853638973-3280566910-1008\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003-02-28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{5BB29DC6-4046-4aa1-B590-C29372456BA0} [HKLM] -> %SystemRoot%\Downloaded Program Files\ClickMap.dll [SiteCatalyst ClickMap] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006-10-26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008-04-13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
========== (O12) Internet Explorer Plugins ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.micro...d...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery
========== (O13) Default Prefixes ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://
========== (O15) Trusted Sites ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
33 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
32 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
32 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
32 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
32 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
32 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\S-1-5-21-248443124-3853638973-3280566910-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
32 domain(s) and sub-domain(s) not assigned to a zone.
========== (O16) DPF ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macr...director/sw.cab -- Shockwave ActiveX Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft....k/?linkid=39204 -- Windows Genuine Advantage Validation Tool
{33564D57-0000-0010-8000-00AA00389B71}: http://download.micr...922/wmv9VCM.CAB -- Reg Error: Key does not exist or could not be opened.
{35C3D91E-401A-4E45-88A5-F3B32CD72DF4}: https://udit.taxcut....html/AtxEnc.cab -- Encrypt Class
{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}: http://www.fileplane...C_2.3.7.109.cab -- Reg Error: Key does not exist or could not be opened.
{483EB14D-AF1C-4951-81B0-4E2B41829FF6}: https://www.select2p...bs/QOLCheck.ocx -- QOLCheck Control
{48DD0448-9209-4F81-9F6D-D83562940134}: http://lads.myspace....ploader1006.cab -- MySpace Uploader Control
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}: http://gfx2.hotmail....es/MSNPUpld.cab -- MSN Photo Upload Tool
{55E515F7-0FA2-4610-874E-028107E766A3}: http://titan.kc.hrbl...webeditpro3.cab -- eWebEditProLibCtl3.eWebEditPro
{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0}: http://upload.facebo...toUploader3.cab -- Facebook Photo Uploader 4 Control
{644E432F-49D3-41A1-8DD5-E099162EEEC5}: http://security.syma...n/bin/cabsa.cab -- Symantec RuFSI Utility Class
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}: http://go.divx.com/p...owserPlugin.cab -- DivXBrowserPlugin Object
{6B75345B-AA36-438A-BBE6-4078B4C6984D}: http://h20270.www2.h...ctDetection.cab -- HpProductDetection Class
{8990AFAD-D352-42AC-A72F-A660BBF6E209}: https://udit.taxcut..../AtxConsole.cab -- OfficeScan Management Console
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_07
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.ma...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{B24F0664-7DDA-40B6-B38C-A4FD68DE8685}: http://192.223.249.9...aDownloader.cab -- CentraDownloaderCtl Class
{C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3}: http://a532.g.akamai...0/installer.exe -- Virtools WebPlayer Class
{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.4.2
{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.5.0_16
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_01
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macr...ash/swflash.cab -- Shockwave Flash Object
bandInstaller: https://sc.omniture....apInstaller.CAB -- Reg Error: Key does not exist or could not be opened.
Microsoft XML Parser for Java: -- Reg Error: Key does not exist or could not be opened.
vzTCPConfig: http://www2.verizon....vzTCPConfig.CAB -- Reg Error: Key does not exist or could not be opened.
========== (O17) DNS Name Servers ==========
{06BCDCB9-ECDD-468D-9D11-19E80EA5653B} (Servers: | Description: Broadcom 802.11b/g WLAN)
{39F39582-3B9F-43F8-B1C4-25D21A74AA9F} (Servers: | Description: )
{55F9EAFB-63EB-4971-8664-8931D1DEDA18} (Servers: | Description: 1394 Net Adapter)
{86B46416-83EB-4CEA-960A-BBAE31F59CE0} (Servers: | Description: National Semiconductor Corp. DP83815/816 10/100 MacPhyter PCI Adapter)
{FE8E1F4B-8194-4DE4-914A-A73540DFFE00} (Servers: | Description: 1394 Net Adapter)
========== (O19) User Style Sheets ==========
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles]
========== (O20) HKLM Winlogon Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"UIHost"=C:\WINDOWS\system32\logonuiX.exe
>[2009-01-02 15:50:19 | 04,966,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logonuiX.exe
========== (O20) Winlogon Notify Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
opnkkliH: "DllName" = opnkkliH.dll -- File not found
WBSrv: "DllName" = C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll -- C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll (Stardock)
========== (O21) SSODL Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"StrUtil"={08AA84D9-CBF4-F2DD-3E1A-01F02C470590} (HKLM) -- C:\Program Files\dhahmac\StrUtil.dll File not found
========== Shell Execute Hooks ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" (HKLM) -- C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
========== Safeboot Options ==========
"AlternateShell"=cmd.exe
========== CDRom AutoRun Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1
========== MountPoints2 ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##IBM_A31#D\Shell]
""=AutoRun
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##IBM_A31#D\Shell\AutoRun]
""=Auto&Play
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##IBM_A31#D\Shell\AutoRun\command]
""=Z:\Student_One_Stop.exe -- File not found
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61ca4e41-9d88-11dd-a135-00904b4167db}\Shell\p\command]
""=C:\WINDOWS\explorer.exe -- [2008-04-13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
========== Files/Folders - Created Within 30 Days ==========
[2 C:\WINDOWS\*.tmp files]
[2009-01-05 14:37:05 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Devansh\Desktop\OTViewIt.exe
[2009-01-04 18:54:38 | 00,152,515 | ---- | C] () -- C:\Documents and Settings\Devansh\Desktop\SAT Writing Section!.docx
[2009-01-04 18:45:19 | 00,347,488 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Devansh\Desktop\WINWORD.EXE
[2009-01-04 16:24:15 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Devansh\Desktop\HijackThis.lnk
[2009-01-04 16:24:14 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009-01-04 16:08:57 | 00,053,248 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2009-01-04 16:08:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009-01-04 16:04:51 | 00,000,221 | ---- | C] () -- C:\Boot.bak
[2009-01-04 16:04:48 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009-01-04 16:04:38 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009-01-04 16:02:32 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009-01-04 16:02:32 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009-01-04 16:02:32 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009-01-04 16:02:32 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009-01-04 16:02:32 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009-01-04 16:02:32 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009-01-04 16:02:32 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009-01-04 16:02:32 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009-01-04 16:02:32 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009-01-04 16:02:24 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF23831.exe
[2009-01-04 11:39:39 | 00,033,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bxubvkzk.exe
@Alternate Data Stream - 124 bytes -> C:\WINDOWS\System32\bxubvkzk.exe:changelist
[2009-01-04 11:37:16 | 10,056,37632 | -HS- | C] () -- C:\hiberfil.sys
[2009-01-04 11:12:05 | 01,307,356 | -HS- | C] () -- C:\WINDOWS\System32\smsmuorw.ini
[2009-01-03 23:09:48 | 02,108,912 | -H-- | C] () -- C:\Documents and Settings\Devansh\Local Settings\Application Data\IconCache.db
[2009-01-03 18:14:39 | 04,291,481 | ---- | C] () -- C:\Documents and Settings\Devansh\Desktop\rabnebanadijodi02(www.songs.pk).mp3
[2009-01-03 18:06:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Devansh\Desktop\All Hindi
[2009-01-03 18:06:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Devansh\Desktop\All Techno
[2009-01-03 18:05:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Devansh\Desktop\All Rap Hip-Hop
[2009-01-03 18:05:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Devansh\Desktop\Desktop
[2009-01-03 15:10:10 | 00,000,314 | ---- | C] () -- C:\WINDOWS\tasks\lunywxgs.job
[2009-01-03 13:39:51 | 17,842,981 | ---- | C] () -- C:\Documents and Settings\Devansh\Desktop\The Final Shiva Arth..mp3
[2009-01-02 15:34:46 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\Devansh\Desktop\iTunes.lnk
[2009-01-02 15:34:37 | 01,181,696 | ---- | C] () -- C:\Documents and Settings\Devansh\Desktop\ShockAero3D.exe
[2009-01-02 11:43:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Devansh\Desktop\All Deleted Files
[2009-01-02 10:44:13 | 00,065,536 | ---- | C] () -- C:\WINDOWS\IFinst27.exe
[2009-01-02 10:33:56 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Devansh\My Documents\ObjectDock Library
[2009-01-02 10:33:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Devansh\Local Settings\Application Data\Stardock
[2009-01-02 09:23:42 | 00,000,801 | ---- | C] () -- C:\Documents and Settings\Devansh\Desktop\ObjectDock.lnk
[2009-01-02 09:23:04 | 00,000,000 | ---D | C] -- C:\Program Files\WinFlip
[2009-01-02 08:57:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Devansh\Local Settings\Application Data\TouchStoneSoftware
[2009-01-01 18:24:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Devansh\Desktop\All Documents and Folders
[2009-01-01 18:07:40 | 00,000,000 | ---D | C] -- C:\Program Files\Shock Utility
[2009-01-01 17:59:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Devansh\My Documents\My Widgets
[2008-12-27 13:55:32 | 00,163,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\vidstub.sys
[2008-12-26 19:15:32 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\uxtheme.backup
[2008-12-26 13:13:13 | 00,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2008-12-20 14:26:18 | 00,000,143 | ---- | C] () -- C:\WINDOWS\WB.ini
[2008-12-20 14:15:13 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\wbload.dll
[2008-12-20 13:52:14 | 00,000,024 | ---- | C] () -- C:\WINDOWS\LogonStudio.ini
[2008-12-20 13:44:27 | 00,045,056 | ---- | C] (Stardust Software) -- C:\WINDOWS\System32\sstunst3.exe
[2008-12-20 13:44:24 | 01,061,188 | ---- | C] () -- C:\WINDOWS\System32\ah.mx1
[2008-12-20 13:44:24 | 00,564,736 | ---- | C] (Stardust Software) -- C:\WINDOWS\System32\ah.scr
[2008-12-20 13:44:24 | 00,020,610 | ---- | C] () -- C:\WINDOWS\System32\ah.ibx
[2008-12-20 13:44:02 | 00,187,392 | ---- | C] () -- C:\WINDOWS\System32\JPGUtils.dll
[2008-12-20 13:43:59 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Stardock
[2008-12-20 13:43:58 | 00,000,000 | ---D | C] -- C:\Program Files\WinCustomize
[2008-12-20 13:41:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Devansh\Application Data\Unity
[2008-12-20 12:56:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Devansh\Local Settings\Application Data\Unity
[2008-12-20 12:56:13 | 00,000,000 | ---D | C] -- C:\Program Files\Unity
[2008-12-18 16:29:48 | 00,000,045 | ---- | C] () -- C:\TEST.XML
[2008-12-17 15:17:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\vbSkinner
[2008-12-17 15:17:16 | 00,412,672 | ---- | C] (JB) -- C:\WINDOWS\System32\VBSKPRO2.OCX
[2008-12-17 15:17:12 | 00,245,248 | ---- | C] (Tools & Components) -- C:\WINDOWS\System32\SEVXPCTL.OCX
[2008-12-17 15:17:12 | 00,145,920 | ---- | C] (Tools & Components) -- C:\WINDOWS\System32\SEVCMD3.OCX
[2008-12-17 15:16:50 | 00,000,058 | ---- | C] () -- C:\start
[2008-12-16 20:43:16 | 00,000,210 | -HS- | C] () -- C:\BOOT.BKK
[2008-12-14 18:51:49 | 00,000,784 | ---- | C] () -- C:\Documents and Settings\Devansh\Application Data\mpauth.dat
[2008-12-13 14:32:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Devansh\Local Settings\Application Data\Sample_SAT_Essays
[2008-12-13 14:26:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Devansh\Local Settings\Application Data\Conduit
========== Files - Modified Within 30 Days ==========
[22 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009-01-05 14:37:12 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Devansh\Desktop\OTViewIt.exe
[2009-01-05 14:35:29 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009-01-05 14:34:13 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2009-01-05 14:34:10 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-01-05 14:32:20 | 00,000,314 | ---- | M] () -- C:\WINDOWS\tasks\lunywxgs.job
[2009-01-05 14:32:20 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-01-05 14:32:17 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-01-05 14:32:08 | 10,056,37632 | -HS- | M] () -- C:\hiberfil.sys
[2009-01-04 18:54:40 | 00,152,515 | ---- | M] () -- C:\Documents and Settings\Devansh\Desktop\SAT Writing Section!.docx
[2009-01-04 16:24:15 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Devansh\Desktop\HijackThis.lnk
[2009-01-04 16:11:50 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009-01-04 16:11:19 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009-01-04 16:08:57 | 00,053,248 | ---- | M] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2009-01-04 16:04:52 | 00,000,291 | RHS- | M] () -- C:\boot.ini
[2009-01-04 16:02:16 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF23831.exe
[2009-01-04 11:39:40 | 00,033,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\bxubvkzk.exe
@Alternate Data Stream - 124 bytes -> C:\WINDOWS\System32\bxubvkzk.exe:changelist
[2009-01-04 11:12:14 | 01,307,356 | -HS- | M] () -- C:\WINDOWS\System32\smsmuorw.ini
[2009-01-03 23:09:48 | 02,108,912 | -H-- | M] () -- C:\Documents and Settings\Devansh\Local Settings\Application Data\IconCache.db
[2009-01-03 20:41:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009-01-03 18:14:50 | 04,291,481 | ---- | M] () -- C:\Documents and Settings\Devansh\Desktop\rabnebanadijodi02(www.songs.pk).mp3
[2009-01-03 18:10:05 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\Devansh\Desktop\iTunes.lnk
[2009-01-03 13:41:33 | 17,842,981 | ---- | M] () -- C:\Documents and Settings\Devansh\Desktop\The Final Shiva Arth..mp3
[2009-01-02 15:50:39 | 00,163,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\vidstub.sys
[2009-01-02 15:50:19 | 04,966,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\logonuiX.exe
[2009-01-02 15:50:02 | 00,000,024 | ---- | M] () -- C:\WINDOWS\LogonStudio.ini
[2009-01-02 10:44:13 | 00,065,536 | ---- | M] () -- C:\WINDOWS\IFinst27.exe
[2009-01-02 09:23:42 | 00,000,801 | ---- | M] () -- C:\Documents and Settings\Devansh\Desktop\ObjectDock.lnk
[2009-01-02 08:50:47 | 00,000,221 | ---- | M] () -- C:\Boot.bak
[2009-01-02 08:43:18 | 00,000,045 | ---- | M] () -- C:\TEST.XML
[2008-12-26 13:13:13 | 00,002,560 | ---- | M] () -- C:\WINDOWS\_MSRSTRT.EXE
[2008-12-20 14:43:27 | 00,000,143 | ---- | M] () -- C:\WINDOWS\WB.ini
[2008-12-20 13:44:27 | 00,045,056 | ---- | M] (Stardust Software) -- C:\WINDOWS\System32\sstunst3.exe
[2008-12-20 13:44:24 | 01,061,188 | ---- | M] () -- C:\WINDOWS\System32\ah.mx1
[2008-12-20 13:44:24 | 00,564,736 | ---- | M] (Stardust Software) -- C:\WINDOWS\System32\ah.scr
[2008-12-20 13:44:24 | 00,020,610 | ---- | M] () -- C:\WINDOWS\System32\ah.ibx
[2008-12-17 16:11:40 | 00,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\TCPIP.SYS.ORIGINAL
[2008-12-17 16:11:40 | 00,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\TCPIP.SYS
[2008-12-17 16:11:40 | 00,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\TCPIP.SYS
[2008-12-17 15:33:20 | 00,000,058 | ---- | M] () -- C:\start
[2008-12-17 15:17:16 | 00,412,672 | ---- | M] (JB) -- C:\WINDOWS\System32\VBSKPRO2.OCX
[2008-12-17 15:17:12 | 00,245,248 | ---- | M] (Tools & Components) -- C:\WINDOWS\System32\SEVXPCTL.OCX
[2008-12-17 15:17:12 | 00,145,920 | ---- | M] (Tools & Components) -- C:\WINDOWS\System32\SEVCMD3.OCX
[2008-12-14 18:51:49 | 00,000,784 | ---- | M] () -- C:\Documents and Settings\Devansh\Application Data\mpauth.dat
[2008-12-14 13:59:11 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008-12-12 15:37:32 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2008-12-12 15:37:32 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2008-12-12 12:01:00 | 03,067,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2008-12-12 12:01:00 | 03,067,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2008-12-11 15:40:17 | 00,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2008-12-09 18:24:37 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
< End of report >
Extras
OTViewIt Extras logfile created on: 2009-01-05 2:37:24 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Devansh\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd
958.98 Mb Total Physical Memory | 500.36 Mb Available Physical Memory | 52.18% Memory free
1.51 Gb Paging File | 1.16 Gb Available in Paging File | 76.39% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.30 Gb Total Space | 8.70 Gb Free Space | 29.68% Space Free | Partition Type: NTFS
Drive D: | 26.58 Gb Total Space | 25.01 Gb Free Space | 94.11% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: STUDYTIME
Current User Name: Devansh
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
"Use My Stylesheet"=
"User Stylesheet"=
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.scr [@ = Reg Error: Key does not exist or could not be opened.] -- Reg Error: Key does not exist or could not be opened. File not found
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008-04-13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\GlobalSCAPE\CuteFTP Pro\TE\ftpte.exe:*:Enabled:FTP Transfer Engine
File not found -- C:\Program Files\SecureCRT\SecureCRT.EXE:*:Enabled:SecureCRT Application
File not found -- C:\Program Files\StarNet\X-Win32\xwin32.exe:*:Enabled:X-Win32 X-Server
[2008-04-13 19:12:15 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\NetMeeting\conf.exe:*:Disabled:Windows® NetMeeting®
[2008-04-13 19:12:20 | 00,042,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program
File not found -- C:\Program Files\Altova\xmlspy\XMLSPY.exe:*:Enabled:XMLSPY
File not found -- C:\Program Files\Altova\xmlspy\StylesheetDesigner.exe:*:Enabled:Stylesheet Designer
[2008-04-13 19:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer
File not found -- C:\Program Files\CentraOne\bin\launcher.exe:*:Enabled:CentraOne Launcher
File not found -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
File not found -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[2008-04-13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008-04-13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\SecureCRT\SecureCRT.EXE:*:Enabled:SecureCRT Application
[2008-04-13 19:12:15 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®
File not found -- C:\Program Files\Altova\xmlspy\XMLSPY.exe:*:Enabled:XMLSPY
File not found -- C:\Program Files\GlobalSCAPE\CuteFTP Pro\TE\ftpte.exe:*:Enabled:FTP Transfer Engine
[2008-04-13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
File not found -- C:\Program Files\CounterPath\X-Lite\x-lite.exe:*:Enabled:X-Lite
File not found -- C:\Program Files\CounterPath\eyeBeam 1.5\eyeBeam.exe:*:Enabled:eyeBeam
[2006-10-18 20:46:20 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player
[2008-10-16 14:05:13 | 00,514,560 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe
[2008-02-29 08:27:53 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe
[2008-10-16 14:05:10 | 00,590,848 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe
[2008-12-17 20:01:53 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
File not found -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
File not found -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
File not found -- C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client
File not found -- C:\Program Files\ProxyWay\proxyway.exe:*:Enabled:ProxyWay Extra
[2007-09-18 14:11:20 | 01,422,592 | ---- | M] (Sony Creative Software Inc.) -- C:\Program Files\Sony\Media Manager for PSP 2.5\MediaManager.exe:*:Enabled:Media Manager for PSP 2.5
File not found -- C:\Program Files\Xi\NetXfer\NetTransport.exe:*:Enabled:NetXfer Download Manager
File not found -- C:\Documents and Settings\Devansh\Desktop\CryptLoad_RS_MUDownloader_v1.04_ByMechodownload\CryptLoad RS&MUDownloader v1.04_ByMechodownload\CryptLoad_1.0.4\RouterClient.exe:*:Enabled:RouterClient
File not found -- C:\Program Files\CSS & HL2 - Final Pack\hl2.exe:*:Enabled:hl2
[2008-04-13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\srcds\srcds.exe:*:Enabled:srcds
File not found -- C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC
[2007-12-03 19:28:42 | 00,254,976 | ---- | M] (Azureus Inc) -- C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus
File not found -- C:\Program Files\SmsDiscount.com\SmsDiscount\SmsDiscount.exe:*:Enabled:SmsDiscount
[2008-05-21 04:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[2008-11-05 16:34:16 | 00,318,976 | ---- | M] (Octoshape ApS) -- C:\Documents and Settings\Devansh\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player
[2008-11-20 13:20:48 | 14,294,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
File not found -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2008-06-10 00:21:01 | 00,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\java.exe:*:Enabled:Java Platform SE binary
[2008-06-10 00:21:04 | 00,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\javaw.exe:*:Enabled:Java Platform SE binary
========== HKEY_USERS Protocol Defaults ==========
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned
========== HKEY_USERS Protocol Defaults ==========
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned
========== HKEY_USERS Protocol Defaults ==========
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned
========== HKEY_USERS Protocol Defaults ==========
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned
========== (O18) Protocol Handlers ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007-08-28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007-08-28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007-08-28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006-10-26 13:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007-05-10 12:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])
========== (O18) Protocol Filters ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006-10-26 21:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00CD55D6-EE5A-4570-9875-8A306628C032}"=Cisco Systems VPN Client 4.7.00.0533
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}"=ATI Control Panel
"{0D6AACB5-9663-472D-8D29-1DC8F4D3E6FF}"=Sony Media Manager for PSP 2.5
"{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}"=HpSdpAppCoreApp
"{318AB667-3230-41B5-A617-CB3BF748D371}"=iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150160}"=J2SE Runtime Environment 5.0 Update 16
"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0150160}"=J2SE Development Kit 5.0 Update 16
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{46DDF76F-ACD4-42BC-B48F-B89C4EE2E1A9}"=Easy CD & DVD Creator 6
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}"=Microsoft SQL Server Setup Support Files (English)
"{671CB656-DCED-4C30-90AD-CA75CB5C7BAA}"=Windows Live Local Add-in for Microsoft Office Outlook
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{7148F0A8-6813-11D6-A77B-00B0D0142000}"=Java 2 Runtime Environment, SE v1.4.2
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}"=Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}"=Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{903A0409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Project Standard 2003
"{90510409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Visio Professional 2003
"{91120000-0014-0000-0000-0000000FF1CE}"=Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{924EB80F-C2BB-4B9F-8412-88BBA937393F}"=MobileMe Control Panel
"{98E8A2EF-4EAE-43B8-A172-74842B764777}"=InterVideo WinDVD
"{A06275F4-324B-4E85-95E6-87B2CD729401}"=Windows Defender
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}"=MSXML 6.0 Parser
"{A8B94669-8654-4126-BD28-D0D2412CDED6}"=TI Connect 1.6
"{A8F2DCDE-AE4E-4AC9-BECD-496FB80FBF6A}"=Notebook Utilities
"{AC76BA86-7AD7-1033-7B44-A71000000002}"=Adobe Reader 7.1.0
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}"=HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}"=Microsoft SQL Server VSS Writer
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}"=Apple Mobile Device Support
"{F07AE5AB-516C-4CEB-A0AA-AD083B9182C6}"=TI NoteFolio Creator
"{F958CA02-BB40-4007-894B-258729456EE4}"=QuickTime
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}"=Microsoft SQL Server Native Client
"Adobe Acrobat 5.0"=Adobe Acrobat 5.0
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Shockwave Player"=Adobe Shockwave Player 11
"ah"=ah Screen Saver
"ATI Display Driver"=ATI Display Driver
"Autodesk WHIP!"=Autodesk WHIP! (Release 4.0-102)
"AVG7Uninstall"=AVG 7.5
"BootSkin"=BootSkin
"Broadcom 802.11 Application"=Broadcom 802.11 Control Panel
"Broadcom 802.11b Network Adapter"=Broadcom 802.11 Driver
"Channel Master"=Channel Master
"CNXT_MODEM_PCI_VEN_10B9&DEV_5457&SUBSYS_0850103C"=Conexant 56K ACLink Modem
"Compare It!_is1"=Compare It! 3.1
"Conexant PCI Audio"=Conexant AC-Link Audio
"Free Video to iPod Converter_is1"=Free Video to iPod Converter version 3.1
"Graph paper printer"=Graph paper printer
"HijackThis"=HijackThis 2.0.2
"IconPackager"=IconPackager
"IE4Dev"=Microsoft Script Debugger
"LogonStudio"=LogonStudio
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.5)"=Mozilla Firefox (3.0.5)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"ObjectDock"=ObjectDock
"PROR"=Microsoft Office Professional 2007
"QT4HPOT"=One-Touch Buttons
"RealPlayer 6.0"=RealPlayer
"Shock Aero 3D v0.97"=Shock Aero 3D v0.97
"ST6UNST #1"=C-Force
"SynTPDeinstKey"=Synaptics Pointing Device Driver
"The Journal 4_is1"=The Journal 4
"Trillian"=Trillian
"UnityWebPlayer"=Unity Web Player
"VSHD Edit_is1"=VSHD Edit 1.7
"VSHD Loader_is1"=VSHD Loader 1.1
"Vuze"=Vuze
"WIC"=Windows Imaging Component
"WindowBlinds"=WindowBlinds
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinFlip 0.50"=WinFlip 0.50
"WinRAR archiver"=WinRAR archiver
"winscp3_is1"=WinSCP 4.1.6
"WinZip"=WinZip
"WMCSetup"=Windows Media Connect
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"WZCLINE"=WinZip Command Line Support Add-On 2.0
"XP All-In-One Styler_is1"=XP All-In-One Styler 2.0.1
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player"=Octoshape add-in for Adobe Flash Player
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-248443124-3853638973-3280566910-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player"=Octoshape add-in for Adobe Flash Player
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 2008-12-31 11:22:53 AM | Computer Name = STUDYTIME | Source = WLTRYSVC | ID = 2
Description = SetServiceStatus() failed
Error - 2009-01-03 3:23:11 PM | Computer Name = STUDYTIME | Source = Application Error | ID = 1000
Description = Faulting application iconexplorer.exe, version 3.1.0.0, faulting module
iconexplorer.exe, version 3.1.0.0, fault address 0x000085b3.
Error - 2009-01-03 4:16:09 PM | Computer Name = STUDYTIME | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 windefend, P2 1.1.4205.0, P3 unspecified, P4
1.49.1289.0, P5 trojan_win32_vundo.gen!c, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.
Error - 2009-01-03 4:22:48 PM | Computer Name = STUDYTIME | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 2009-01-04 12:09:51 AM | Computer Name = STUDYTIME | Source = WLTRYSVC | ID = 2
Description = SetServiceStatus() failed
Error - 2009-01-04 12:19:28 PM | Computer Name = STUDYTIME | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 windefend, P2 1.1.4205.0, P3 unspecified, P4
1.49.1289.0, P5 trojan_win32_vundo.gen!y, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.
Error - 2009-01-04 12:20:38 PM | Computer Name = STUDYTIME | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 windefend, P2 1.1.4205.0, P3 unspecified, P4
1.49.1289.0, P5 trojan_win32_vundo.gen!y, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.
Error - 2009-01-04 12:26:08 PM | Computer Name = STUDYTIME | Source = WLTRYSVC | ID = 2
Description = SetServiceStatus() failed
Error - 2009-01-04 5:25:12 PM | Computer Name = STUDYTIME | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: STUDYTIME\Devansh Checkpoint ID: 1 Error Code: 0x80070005 Error
description: Access is denied.
Error - 2009-01-04 5:25:12 PM | Computer Name = STUDYTIME | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: STUDYTIME\Devansh Checkpoint ID: 1 Error Code: 0x8000ffff Error
description: Catastrophic failure
[ System Events ]
Error - 2009-01-04 5:02:34 PM | Computer Name = STUDYTIME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde PCIIde ViaIde
Error - 2009-01-04 5:02:38 PM | Computer Name = STUDYTIME | Source = Service Control Manager | ID = 7034
Description = The SQL Server VSS Writer service terminated unexpectedly. It has
done this 1 time(s).
Error - 2009-01-04 5:12:46 PM | Computer Name = STUDYTIME | Source = Service Control Manager | ID = 7022
Description = The SQL Server VSS Writer service hung on starting.
Error - 2009-01-04 5:12:46 PM | Computer Name = STUDYTIME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde PCIIde ViaIde
Error - 2009-01-04 5:12:46 PM | Computer Name = STUDYTIME | Source = Service Control Manager | ID = 7034
Description = The SQL Server VSS Writer service terminated unexpectedly. It has
done this 1 time(s).
Error - 2009-01-04 5:13:30 PM | Computer Name = STUDYTIME | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.
Error - 2009-01-05 3:33:47 PM | Computer Name = STUDYTIME | Source = Service Control Manager | ID = 7022
Description = The SQL Server VSS Writer service hung on starting.
Error - 2009-01-05 3:33:50 PM | Computer Name = STUDYTIME | Source = Service Control Manager | ID = 7022
Description = The WLTRYSVC service hung on starting.
Error - 2009-01-05 3:33:50 PM | Computer Name = STUDYTIME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde PCIIde ViaIde
Error - 2009-01-05 3:34:03 PM | Computer Name = STUDYTIME | Source = Service Control Manager | ID = 7034
Description = The SQL Server VSS Writer service terminated unexpectedly. It has
done this 1 time(s).
< End of report >
GMER RootKit
GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2009-01-05 15:39:37
Windows 5.1.2600 Service Pack 3
---- Registry - GMER 1.0.12 ----
Reg \Registry\USER\S-1-5-21-248443124-3853638973-3280566910-1008\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4AAF8D7F-BF0D-7FEC-2B70-27A003C489A7}@haaeopjngcmedbcn 0x6E 0x61 0x64 0x68 ...
Reg \Registry\USER\S-1-5-21-248443124-3853638973-3280566910-1008\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4AAF8D7F-BF0D-7FEC-2B70-27A003C489A7}@japdponkiokkdbgagdbf 0x6F 0x61 0x70 0x64 ...
---- Files - GMER 1.0.12 ----
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6900017D
ADS C:\RECYCLER\S-1-5-21-248443124-3853638973-3280566910-1008\Dc3\f_system:test
ADS C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP568\A0286743.exe:changelist
ADS C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP569\A0286757.exe:changelist
ADS C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP570\A0287903.exe:changelist
ADS C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP570\A0287904.exe:changelist
ADS C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP570\A0287905.exe:changelist
ADS C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP570\A0287906.exe:changelist
ADS C:\WINDOWS\system32\bxubvkzk.exe:changelist
---- EOF - GMER 1.0.12 ----
OTViewIt:
OTViewIt logfile created on: 2009-01-05 2:37:24 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Devansh\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd
958.98 Mb Total Physical Memory | 500.36 Mb Available Physical Memory | 52.18% Memory free
1.51 Gb Paging File | 1.16 Gb Available in Paging File | 76.39% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.30 Gb Total Space | 8.70 Gb Free Space | 29.68% Space Free | Partition Type: NTFS
Drive D: | 26.58 Gb Total Space | 25.01 Gb Free Space | 94.11% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: STUDYTIME
Current User Name: Devansh
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
========== Processes ==========
[2006-11-03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
[2008-11-07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008-02-29 08:27:53 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe
[2008-02-29 08:28:16 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgupsvc.exe
[2005-08-12 16:37:50 | 01,504,256 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
[2002-08-15 13:11:00 | 00,151,552 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPConfig.exe
[2003-01-14 17:12:14 | 00,053,248 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
[2004-01-13 08:51:10 | 00,045,056 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
[2001-05-01 20:06:22 | 00,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe
[2006-10-18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
[2008-10-16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2004-01-13 08:51:08 | 00,499,712 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\BCMWLTRY.EXE
[2002-08-14 20:29:38 | 00,290,816 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[2003-03-13 10:14:42 | 00,102,400 | ---- | M] (Dritek System Inc.) -- C:\Program Files\HPQ\One-Touch\ONETOUCH.EXE
[2005-02-02 19:12:24 | 00,102,492 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[2005-02-02 19:11:14 | 00,692,316 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[2003-05-21 15:35:50 | 00,004,608 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\carpserv.exe
[2008-10-16 14:05:10 | 00,590,848 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgcc.exe
[2008-01-28 19:39:59 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2008-06-10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2006-10-18 19:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
[2008-04-23 02:38:16 | 00,029,696 | -H-- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2008-10-16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008-12-17 20:01:53 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2009-01-05 14:37:12 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Devansh\Desktop\OTViewIt.exe
========== (O23) Win32 Services ==========
[2008-11-07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007-10-24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008-02-29 08:27:53 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe -- (Avg7Alrt [Auto | Running])
[2008-02-29 08:28:16 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgupsvc.exe -- (Avg7UpdSvc [Auto | Running])
[2007-10-24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2005-08-12 16:37:50 | 01,504,256 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND [Auto | Running])
[2002-08-15 13:11:00 | 00,151,552 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPConfig.exe -- (HPConfig [Auto | Running])
[2003-01-14 17:12:14 | 00,053,248 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe -- (HPWirelessMgr [Auto | Running])
[2005-04-03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008-11-20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
File not found -- -- (MSSQLServerADHelper [On_Demand | Stopped])
[2007-08-24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006-10-26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007-02-10 05:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Stopped])
[2006-11-03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
[2004-01-13 08:51:10 | 00,045,056 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE -- (WLTRYSVC [Auto | Running])
[2001-05-01 20:06:22 | 00,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])
[2006-10-18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])
========== Driver Services ==========
[2001-08-17 16:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Boot | Running])
[2003-07-10 06:16:46 | 00,026,112 | R--- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliirda.sys -- (ALiIRDA [On_Demand | Running])
[2005-11-21 00:48:20 | 00,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32 [Auto | Running])
[2004-05-15 18:29:12 | 00,701,952 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2008-02-29 08:28:20 | 00,821,856 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avg7core.sys -- (Avg7Core [System | Running])
[2008-02-29 08:28:25 | 00,004,224 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avg7rsw.sys -- (Avg7RsW [System | Running])
[2008-02-29 08:28:26 | 00,027,776 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avg7rsxp.sys -- (Avg7RsXP [System | Running])
[2008-02-29 08:29:50 | 00,010,760 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avgclean.sys -- (AvgClean [System | Running])
[2006-10-12 23:26:56 | 00,604,928 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX [On_Demand | Running])
[2009-01-02 15:50:39 | 00,163,456 | ---- | M] () -- C:\WINDOWS\system32\drivers\vidstub.sys -- (BootScreen [Boot | Running])
[2002-07-18 08:07:50 | 00,023,602 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atisgkaf.SYS -- (caboagp [Boot | Running])
[2004-02-17 17:58:40 | 00,292,352 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\system32\drivers\caliaud.sys -- (CALIAUD [On_Demand | Running])
[2004-02-17 17:59:18 | 00,273,536 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\system32\drivers\calihal.sys -- (CALIHALA [On_Demand | Running])
[2008-01-04 16:58:46 | 00,009,336 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
[2008-01-04 16:58:46 | 00,009,464 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
[2003-01-01 07:34:42 | 00,259,456 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp [System | Running])
[2001-08-17 02:13:20 | 00,027,164 | ---- | M] (Xircom, Inc.) -- C:\WINDOWS\system32\drivers\CE3N5.SYS -- (CE3 [On_Demand | Stopped])
[2005-05-17 03:51:34 | 00,005,315 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA [On_Demand | Stopped])
[2005-08-12 16:35:56 | 00,305,739 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA [On_Demand | Running])
[2002-10-16 07:15:54 | 00,014,543 | ---- | M] (Dritek System Inc.) -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr [On_Demand | Running])
[2004-11-03 11:07:24 | 00,146,888 | ---- | M] (Deterministic Networks, Inc.) -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE [On_Demand | Running])
[2008-04-13 13:39:46 | 00,206,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dot4.sys -- (Dot4 [On_Demand | Stopped])
[2001-08-17 12:47:32 | 00,012,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\Dot4Prt.sys -- (Dot4Print [On_Demand | Stopped])
[2003-07-16 20:01:02 | 00,028,280 | ---- | M] (National Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\DP83815.sys -- (DP83815 [On_Demand | Stopped])
[2003-07-18 20:25:16 | 00,021,993 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K [On_Demand | Stopped])
[2008-04-17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2002-07-17 15:09:12 | 00,014,504 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\drivers\hpci.sys -- (HPCI [On_Demand | Running])
[2004-12-15 13:18:28 | 00,205,696 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWALI.sys -- (HSFHWALI [On_Demand | Running])
[2003-05-21 15:31:22 | 01,063,040 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP [On_Demand | Stopped])
[2004-12-15 14:19:08 | 01,038,208 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
[2008-04-13 13:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2006-09-18 17:38:26 | 00,015,584 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X [Auto | Running])
[2006-06-19 13:26:58 | 00,012,672 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2003-07-18 20:25:14 | 00,022,745 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K [On_Demand | Running])
[2001-08-17 16:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
[2008-04-13 13:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm [On_Demand | Stopped])
[2003-03-30 21:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2003-07-18 20:25:10 | 00,118,409 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k [System | Running])
[2008-01-04 16:58:46 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2007-01-18 10:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort [On_Demand | Stopped])
[2003-03-30 21:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM [On_Demand | Stopped])
[2008-04-13 13:40:48 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sbp2port.sys -- (sbp2port [Boot | Stopped])
[2007-11-13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2001-08-17 02:10:28 | 00,035,913 | ---- | M] (SMC) -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA [On_Demand | Stopped])
[2003-05-21 15:35:56 | 00,030,592 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\strmdisp.sys -- (StreamDispatcher [Auto | Running])
[2005-02-02 18:59:00 | 00,191,456 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2004-02-04 10:27:56 | 00,049,536 | ---- | M] (Texas Instruments Incorporated) -- C:\WINDOWS\system32\drivers\tiehdusb.sys -- (TIEHDUSB [On_Demand | Stopped])
[2003-07-18 20:22:06 | 00,213,120 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\UdfReadr_xp.sys -- (UdfReadr_xp [System | Running])
[2008-10-01 13:01:28 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2005-01-26 04:22:20 | 00,280,344 | ---- | M] (Zone Labs LLC) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [On_Demand | Stopped])
[2004-12-15 14:18:28 | 00,703,232 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2008-04-13 13:36:38 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi [System | Stopped])
========== (R ) Internet Explorer ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://us8l.hpwis.com/
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
"provider"=
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{affa8b5f-909b-492b-952a-bc1b2ac37395}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\S-1-5-21-248443124-3853638973-3280566910-1008\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://us8l.hpwis.com/
[HKEY_USERS\S-1-5-21-248443124-3853638973-3280566910-1008\Software\Microsoft\Internet Explorer\SearchURL]
""=http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
"provider"=
[HKEY_USERS\S-1-5-21-248443124-3853638973-3280566910-1008\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{affa8b5f-909b-492b-952a-bc1b2ac37395}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
[HKEY_USERS\S-1-5-21-248443124-3853638973-3280566910-1008\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-248443124-3853638973-3280566910-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
========== (O1) Hosts File ==========
HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
========== (O2) BHO's ==========
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{2769040C-B5E5-446F-95D1-CCCE449BF08D} (HKLM) -- C:\WINDOWS\system32\jkkLDTmM.dll File not found
{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
========== (O3) Toolbars ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{affa8b5f-909b-492b-952a-bc1b2ac37395}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{D0943516-5076-4020-A3B5-AEFAF26AB263}" (HKLM) -- C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll File not found
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{AFFA8B5F-909B-492B-952A-BC1B2AC37395}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
[HKEY_USERS\S-1-5-21-248443124-3853638973-3280566910-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
[HKEY_USERS\S-1-5-21-248443124-3853638973-3280566910-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{AFFA8B5F-909B-492B-952A-BC1B2AC37395}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
[HKEY_USERS\S-1-5-21-248443124-3853638973-3280566910-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
========== (O4) Run Keys ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP (GRISOFT, s.r.o.)
"CARPService"=carpserv.exe (Conexant Systems, Inc.)
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe ()
"Display Settings"=C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s (Hewlett-Packard)
"LanTalk.NET"=C:\Program Files\CEZEO software\LanTalk NET\LanTalk.exe File not found
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript File not found
"QT4HPOT"=C:\Program Files\HPQ\One-Touch\OneTouch.EXE (Dritek System Inc.)
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" (Roxio)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
"TV Now"=C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK ()
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" File not found
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\Documents and Settings\Devansh\Desktop\BlackBerry_JDE_Components_4.5.0.exe"=C:\Documents and Settings\Devansh\Desktop\BlackBerry_JDE_Components_4.5.0.exe File not found
"cfgcomadm"=C:\WINDOWS\system32\nevyrqly.exe File not found
"CryptLoad"=C:\Documents and Settings\Devansh\Desktop\CryptLoad_RS_MUDownloader_v1.04_ByMechodownload\CryptLoad RS&MUDownloader v1.04_ByMechodownload\CryptLoad_1.0.4\RouterClient.exe File not found
"ProxyWay"=C:\Program Files\ProxyWay\proxyway.exe File not found
"SmsDiscount"="C:\Program Files\SmsDiscount.com\SmsDiscount\SmsDiscount.exe" -nosplash -minimized File not found
"Uniblue RegistryBooster 2"=C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S File not found
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"=C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (GRISOFT, s.r.o.)
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"=C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (GRISOFT, s.r.o.)
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-248443124-3853638973-3280566910-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\Documents and Settings\Devansh\Desktop\BlackBerry_JDE_Components_4.5.0.exe"=C:\Documents and Settings\Devansh\Desktop\BlackBerry_JDE_Components_4.5.0.exe File not found
"cfgcomadm"=C:\WINDOWS\system32\nevyrqly.exe File not found
"CryptLoad"=C:\Documents and Settings\Devansh\Desktop\CryptLoad_RS_MUDownloader_v1.04_ByMechodownload\CryptLoad RS&MUDownloader v1.04_ByMechodownload\CryptLoad_1.0.4\RouterClient.exe File not found
"ProxyWay"=C:\Program Files\ProxyWay\proxyway.exe File not found
"SmsDiscount"="C:\Program Files\SmsDiscount.com\SmsDiscount\SmsDiscount.exe" -nosplash -minimized File not found
"Uniblue RegistryBooster 2"=C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S File not found
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
========== (O4) Startup Folders ==========
[2008-04-23 02:38:16 | 00,029,696 | -H-- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2008-05-15 09:54:00 | 00,006,144 | R--- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{00CD55D6-EE5A-4570-9875-8A306628C032}\Icon3E5562ED7.ico
========== (O6 & O7) Current Version Policies ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"AllowLegacyWebView"=1
"AllowUnhashedWebView"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"YBlEiyprNI"=C:\Documents and Settings\All Users\Application Data\xwzsbyts\tuxwlavi.exe -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0
"NoDriveAutoRun"=67108863
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0
"NoDriveAutoRun"=67108863
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\S-1-5-21-248443124-3853638973-3280566910-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
========== (O8) IE Context Menu Extensions ==========
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008-12-12 15:30:30 | 17,858,560 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE File not found
[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE File not found
[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found
[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found
[HKEY_USERS\S-1-5-21-248443124-3853638973-3280566910-1008\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008-12-12 15:30:30 | 17,858,560 | ---- | M] (Microsoft Corporation)
========== (O9) IE Extensions ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008-06-10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{5BB29DC6-4046-4aa1-B590-C29372456BA0}: Button: SiteCatalyst ClickMap -- %SystemRoot%\Downloaded Program Files\ClickMap.dll File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006-10-26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008-04-13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008-04-13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008-04-13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003-02-28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{5BB29DC6-4046-4aa1-B590-C29372456BA0} [HKLM] -> %SystemRoot%\Downloaded Program Files\ClickMap.dll [SiteCatalyst ClickMap] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006-10-26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008-04-13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003-02-28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{5BB29DC6-4046-4aa1-B590-C29372456BA0} [HKLM] -> %SystemRoot%\Downloaded Program Files\ClickMap.dll [SiteCatalyst ClickMap] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006-10-26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008-04-13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003-02-28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{5BB29DC6-4046-4aa1-B590-C29372456BA0} [HKLM] -> %SystemRoot%\Downloaded Program Files\ClickMap.dll [SiteCatalyst ClickMap] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006-10-26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008-04-13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-248443124-3853638973-3280566910-1008\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003-02-28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{5BB29DC6-4046-4aa1-B590-C29372456BA0} [HKLM] -> %SystemRoot%\Downloaded Program Files\ClickMap.dll [SiteCatalyst ClickMap] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006-10-26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008-04-13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
========== (O12) Internet Explorer Plugins ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.micro...d...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery
========== (O13) Default Prefixes ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://
========== (O15) Trusted Sites ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
33 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
32 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
32 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
32 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
32 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
32 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\S-1-5-21-248443124-3853638973-3280566910-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
32 domain(s) and sub-domain(s) not assigned to a zone.
========== (O16) DPF ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macr...director/sw.cab -- Shockwave ActiveX Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft....k/?linkid=39204 -- Windows Genuine Advantage Validation Tool
{33564D57-0000-0010-8000-00AA00389B71}: http://download.micr...922/wmv9VCM.CAB -- Reg Error: Key does not exist or could not be opened.
{35C3D91E-401A-4E45-88A5-F3B32CD72DF4}: https://udit.taxcut....html/AtxEnc.cab -- Encrypt Class
{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}: http://www.fileplane...C_2.3.7.109.cab -- Reg Error: Key does not exist or could not be opened.
{483EB14D-AF1C-4951-81B0-4E2B41829FF6}: https://www.select2p...bs/QOLCheck.ocx -- QOLCheck Control
{48DD0448-9209-4F81-9F6D-D83562940134}: http://lads.myspace....ploader1006.cab -- MySpace Uploader Control
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}: http://gfx2.hotmail....es/MSNPUpld.cab -- MSN Photo Upload Tool
{55E515F7-0FA2-4610-874E-028107E766A3}: http://titan.kc.hrbl...webeditpro3.cab -- eWebEditProLibCtl3.eWebEditPro
{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0}: http://upload.facebo...toUploader3.cab -- Facebook Photo Uploader 4 Control
{644E432F-49D3-41A1-8DD5-E099162EEEC5}: http://security.syma...n/bin/cabsa.cab -- Symantec RuFSI Utility Class
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}: http://go.divx.com/p...owserPlugin.cab -- DivXBrowserPlugin Object
{6B75345B-AA36-438A-BBE6-4078B4C6984D}: http://h20270.www2.h...ctDetection.cab -- HpProductDetection Class
{8990AFAD-D352-42AC-A72F-A660BBF6E209}: https://udit.taxcut..../AtxConsole.cab -- OfficeScan Management Console
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_07
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.ma...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{B24F0664-7DDA-40B6-B38C-A4FD68DE8685}: http://192.223.249.9...aDownloader.cab -- CentraDownloaderCtl Class
{C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3}: http://a532.g.akamai...0/installer.exe -- Virtools WebPlayer Class
{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.4.2
{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.5.0_16
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_01
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macr...ash/swflash.cab -- Shockwave Flash Object
bandInstaller: https://sc.omniture....apInstaller.CAB -- Reg Error: Key does not exist or could not be opened.
Microsoft XML Parser for Java: -- Reg Error: Key does not exist or could not be opened.
vzTCPConfig: http://www2.verizon....vzTCPConfig.CAB -- Reg Error: Key does not exist or could not be opened.
========== (O17) DNS Name Servers ==========
{06BCDCB9-ECDD-468D-9D11-19E80EA5653B} (Servers: | Description: Broadcom 802.11b/g WLAN)
{39F39582-3B9F-43F8-B1C4-25D21A74AA9F} (Servers: | Description: )
{55F9EAFB-63EB-4971-8664-8931D1DEDA18} (Servers: | Description: 1394 Net Adapter)
{86B46416-83EB-4CEA-960A-BBAE31F59CE0} (Servers: | Description: National Semiconductor Corp. DP83815/816 10/100 MacPhyter PCI Adapter)
{FE8E1F4B-8194-4DE4-914A-A73540DFFE00} (Servers: | Description: 1394 Net Adapter)
========== (O19) User Style Sheets ==========
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles]
========== (O20) HKLM Winlogon Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"UIHost"=C:\WINDOWS\system32\logonuiX.exe
>[2009-01-02 15:50:19 | 04,966,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logonuiX.exe
========== (O20) Winlogon Notify Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
opnkkliH: "DllName" = opnkkliH.dll -- File not found
WBSrv: "DllName" = C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll -- C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll (Stardock)
========== (O21) SSODL Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"StrUtil"={08AA84D9-CBF4-F2DD-3E1A-01F02C470590} (HKLM) -- C:\Program Files\dhahmac\StrUtil.dll File not found
========== Shell Execute Hooks ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" (HKLM) -- C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
========== Safeboot Options ==========
"AlternateShell"=cmd.exe
========== CDRom AutoRun Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1
========== MountPoints2 ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##IBM_A31#D\Shell]
""=AutoRun
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##IBM_A31#D\Shell\AutoRun]
""=Auto&Play
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##IBM_A31#D\Shell\AutoRun\command]
""=Z:\Student_One_Stop.exe -- File not found
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61ca4e41-9d88-11dd-a135-00904b4167db}\Shell\p\command]
""=C:\WINDOWS\explorer.exe -- [2008-04-13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
========== Files/Folders - Created Within 30 Days ==========
[2 C:\WINDOWS\*.tmp files]
[2009-01-05 14:37:05 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Devansh\Desktop\OTViewIt.exe
[2009-01-04 18:54:38 | 00,152,515 | ---- | C] () -- C:\Documents and Settings\Devansh\Desktop\SAT Writing Section!.docx
[2009-01-04 18:45:19 | 00,347,488 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Devansh\Desktop\WINWORD.EXE
[2009-01-04 16:24:15 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Devansh\Desktop\HijackThis.lnk
[2009-01-04 16:24:14 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009-01-04 16:08:57 | 00,053,248 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2009-01-04 16:08:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009-01-04 16:04:51 | 00,000,221 | ---- | C] () -- C:\Boot.bak
[2009-01-04 16:04:48 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009-01-04 16:04:38 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009-01-04 16:02:32 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009-01-04 16:02:32 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009-01-04 16:02:32 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009-01-04 16:02:32 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009-01-04 16:02:32 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009-01-04 16:02:32 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009-01-04 16:02:32 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009-01-04 16:02:32 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009-01-04 16:02:32 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009-01-04 16:02:24 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF23831.exe
[2009-01-04 11:39:39 | 00,033,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bxubvkzk.exe
@Alternate Data Stream - 124 bytes -> C:\WINDOWS\System32\bxubvkzk.exe:changelist
[2009-01-04 11:37:16 | 10,056,37632 | -HS- | C] () -- C:\hiberfil.sys
[2009-01-04 11:12:05 | 01,307,356 | -HS- | C] () -- C:\WINDOWS\System32\smsmuorw.ini
[2009-01-03 23:09:48 | 02,108,912 | -H-- | C] () -- C:\Documents and Settings\Devansh\Local Settings\Application Data\IconCache.db
[2009-01-03 18:14:39 | 04,291,481 | ---- | C] () -- C:\Documents and Settings\Devansh\Desktop\rabnebanadijodi02(www.songs.pk).mp3
[2009-01-03 18:06:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Devansh\Desktop\All Hindi
[2009-01-03 18:06:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Devansh\Desktop\All Techno
[2009-01-03 18:05:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Devansh\Desktop\All Rap Hip-Hop
[2009-01-03 18:05:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Devansh\Desktop\Desktop
[2009-01-03 15:10:10 | 00,000,314 | ---- | C] () -- C:\WINDOWS\tasks\lunywxgs.job
[2009-01-03 13:39:51 | 17,842,981 | ---- | C] () -- C:\Documents and Settings\Devansh\Desktop\The Final Shiva Arth..mp3
[2009-01-02 15:34:46 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\Devansh\Desktop\iTunes.lnk
[2009-01-02 15:34:37 | 01,181,696 | ---- | C] () -- C:\Documents and Settings\Devansh\Desktop\ShockAero3D.exe
[2009-01-02 11:43:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Devansh\Desktop\All Deleted Files
[2009-01-02 10:44:13 | 00,065,536 | ---- | C] () -- C:\WINDOWS\IFinst27.exe
[2009-01-02 10:33:56 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Devansh\My Documents\ObjectDock Library
[2009-01-02 10:33:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Devansh\Local Settings\Application Data\Stardock
[2009-01-02 09:23:42 | 00,000,801 | ---- | C] () -- C:\Documents and Settings\Devansh\Desktop\ObjectDock.lnk
[2009-01-02 09:23:04 | 00,000,000 | ---D | C] -- C:\Program Files\WinFlip
[2009-01-02 08:57:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Devansh\Local Settings\Application Data\TouchStoneSoftware
[2009-01-01 18:24:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Devansh\Desktop\All Documents and Folders
[2009-01-01 18:07:40 | 00,000,000 | ---D | C] -- C:\Program Files\Shock Utility
[2009-01-01 17:59:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Devansh\My Documents\My Widgets
[2008-12-27 13:55:32 | 00,163,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\vidstub.sys
[2008-12-26 19:15:32 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\uxtheme.backup
[2008-12-26 13:13:13 | 00,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2008-12-20 14:26:18 | 00,000,143 | ---- | C] () -- C:\WINDOWS\WB.ini
[2008-12-20 14:15:13 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\wbload.dll
[2008-12-20 13:52:14 | 00,000,024 | ---- | C] () -- C:\WINDOWS\LogonStudio.ini
[2008-12-20 13:44:27 | 00,045,056 | ---- | C] (Stardust Software) -- C:\WINDOWS\System32\sstunst3.exe
[2008-12-20 13:44:24 | 01,061,188 | ---- | C] () -- C:\WINDOWS\System32\ah.mx1
[2008-12-20 13:44:24 | 00,564,736 | ---- | C] (Stardust Software) -- C:\WINDOWS\System32\ah.scr
[2008-12-20 13:44:24 | 00,020,610 | ---- | C] () -- C:\WINDOWS\System32\ah.ibx
[2008-12-20 13:44:02 | 00,187,392 | ---- | C] () -- C:\WINDOWS\System32\JPGUtils.dll
[2008-12-20 13:43:59 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Stardock
[2008-12-20 13:43:58 | 00,000,000 | ---D | C] -- C:\Program Files\WinCustomize
[2008-12-20 13:41:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Devansh\Application Data\Unity
[2008-12-20 12:56:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Devansh\Local Settings\Application Data\Unity
[2008-12-20 12:56:13 | 00,000,000 | ---D | C] -- C:\Program Files\Unity
[2008-12-18 16:29:48 | 00,000,045 | ---- | C] () -- C:\TEST.XML
[2008-12-17 15:17:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\vbSkinner
[2008-12-17 15:17:16 | 00,412,672 | ---- | C] (JB) -- C:\WINDOWS\System32\VBSKPRO2.OCX
[2008-12-17 15:17:12 | 00,245,248 | ---- | C] (Tools & Components) -- C:\WINDOWS\System32\SEVXPCTL.OCX
[2008-12-17 15:17:12 | 00,145,920 | ---- | C] (Tools & Components) -- C:\WINDOWS\System32\SEVCMD3.OCX
[2008-12-17 15:16:50 | 00,000,058 | ---- | C] () -- C:\start
[2008-12-16 20:43:16 | 00,000,210 | -HS- | C] () -- C:\BOOT.BKK
[2008-12-14 18:51:49 | 00,000,784 | ---- | C] () -- C:\Documents and Settings\Devansh\Application Data\mpauth.dat
[2008-12-13 14:32:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Devansh\Local Settings\Application Data\Sample_SAT_Essays
[2008-12-13 14:26:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Devansh\Local Settings\Application Data\Conduit
========== Files - Modified Within 30 Days ==========
[22 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009-01-05 14:37:12 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Devansh\Desktop\OTViewIt.exe
[2009-01-05 14:35:29 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009-01-05 14:34:13 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2009-01-05 14:34:10 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-01-05 14:32:20 | 00,000,314 | ---- | M] () -- C:\WINDOWS\tasks\lunywxgs.job
[2009-01-05 14:32:20 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-01-05 14:32:17 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-01-05 14:32:08 | 10,056,37632 | -HS- | M] () -- C:\hiberfil.sys
[2009-01-04 18:54:40 | 00,152,515 | ---- | M] () -- C:\Documents and Settings\Devansh\Desktop\SAT Writing Section!.docx
[2009-01-04 16:24:15 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Devansh\Desktop\HijackThis.lnk
[2009-01-04 16:11:50 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009-01-04 16:11:19 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009-01-04 16:08:57 | 00,053,248 | ---- | M] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2009-01-04 16:04:52 | 00,000,291 | RHS- | M] () -- C:\boot.ini
[2009-01-04 16:02:16 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF23831.exe
[2009-01-04 11:39:40 | 00,033,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\bxubvkzk.exe
@Alternate Data Stream - 124 bytes -> C:\WINDOWS\System32\bxubvkzk.exe:changelist
[2009-01-04 11:12:14 | 01,307,356 | -HS- | M] () -- C:\WINDOWS\System32\smsmuorw.ini
[2009-01-03 23:09:48 | 02,108,912 | -H-- | M] () -- C:\Documents and Settings\Devansh\Local Settings\Application Data\IconCache.db
[2009-01-03 20:41:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009-01-03 18:14:50 | 04,291,481 | ---- | M] () -- C:\Documents and Settings\Devansh\Desktop\rabnebanadijodi02(www.songs.pk).mp3
[2009-01-03 18:10:05 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\Devansh\Desktop\iTunes.lnk
[2009-01-03 13:41:33 | 17,842,981 | ---- | M] () -- C:\Documents and Settings\Devansh\Desktop\The Final Shiva Arth..mp3
[2009-01-02 15:50:39 | 00,163,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\vidstub.sys
[2009-01-02 15:50:19 | 04,966,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\logonuiX.exe
[2009-01-02 15:50:02 | 00,000,024 | ---- | M] () -- C:\WINDOWS\LogonStudio.ini
[2009-01-02 10:44:13 | 00,065,536 | ---- | M] () -- C:\WINDOWS\IFinst27.exe
[2009-01-02 09:23:42 | 00,000,801 | ---- | M] () -- C:\Documents and Settings\Devansh\Desktop\ObjectDock.lnk
[2009-01-02 08:50:47 | 00,000,221 | ---- | M] () -- C:\Boot.bak
[2009-01-02 08:43:18 | 00,000,045 | ---- | M] () -- C:\TEST.XML
[2008-12-26 13:13:13 | 00,002,560 | ---- | M] () -- C:\WINDOWS\_MSRSTRT.EXE
[2008-12-20 14:43:27 | 00,000,143 | ---- | M] () -- C:\WINDOWS\WB.ini
[2008-12-20 13:44:27 | 00,045,056 | ---- | M] (Stardust Software) -- C:\WINDOWS\System32\sstunst3.exe
[2008-12-20 13:44:24 | 01,061,188 | ---- | M] () -- C:\WINDOWS\System32\ah.mx1
[2008-12-20 13:44:24 | 00,564,736 | ---- | M] (Stardust Software) -- C:\WINDOWS\System32\ah.scr
[2008-12-20 13:44:24 | 00,020,610 | ---- | M] () -- C:\WINDOWS\System32\ah.ibx
[2008-12-17 16:11:40 | 00,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\TCPIP.SYS.ORIGINAL
[2008-12-17 16:11:40 | 00,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\TCPIP.SYS
[2008-12-17 16:11:40 | 00,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\TCPIP.SYS
[2008-12-17 15:33:20 | 00,000,058 | ---- | M] () -- C:\start
[2008-12-17 15:17:16 | 00,412,672 | ---- | M] (JB) -- C:\WINDOWS\System32\VBSKPRO2.OCX
[2008-12-17 15:17:12 | 00,245,248 | ---- | M] (Tools & Components) -- C:\WINDOWS\System32\SEVXPCTL.OCX
[2008-12-17 15:17:12 | 00,145,920 | ---- | M] (Tools & Components) -- C:\WINDOWS\System32\SEVCMD3.OCX
[2008-12-14 18:51:49 | 00,000,784 | ---- | M] () -- C:\Documents and Settings\Devansh\Application Data\mpauth.dat
[2008-12-14 13:59:11 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008-12-12 15:37:32 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2008-12-12 15:37:32 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2008-12-12 12:01:00 | 03,067,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2008-12-12 12:01:00 | 03,067,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2008-12-11 15:40:17 | 00,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2008-12-09 18:24:37 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
< End of report >
Extras
OTViewIt Extras logfile created on: 2009-01-05 2:37:24 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Devansh\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd
958.98 Mb Total Physical Memory | 500.36 Mb Available Physical Memory | 52.18% Memory free
1.51 Gb Paging File | 1.16 Gb Available in Paging File | 76.39% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.30 Gb Total Space | 8.70 Gb Free Space | 29.68% Space Free | Partition Type: NTFS
Drive D: | 26.58 Gb Total Space | 25.01 Gb Free Space | 94.11% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: STUDYTIME
Current User Name: Devansh
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
"Use My Stylesheet"=
"User Stylesheet"=
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.scr [@ = Reg Error: Key does not exist or could not be opened.] -- Reg Error: Key does not exist or could not be opened. File not found
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008-04-13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\GlobalSCAPE\CuteFTP Pro\TE\ftpte.exe:*:Enabled:FTP Transfer Engine
File not found -- C:\Program Files\SecureCRT\SecureCRT.EXE:*:Enabled:SecureCRT Application
File not found -- C:\Program Files\StarNet\X-Win32\xwin32.exe:*:Enabled:X-Win32 X-Server
[2008-04-13 19:12:15 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\NetMeeting\conf.exe:*:Disabled:Windows® NetMeeting®
[2008-04-13 19:12:20 | 00,042,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program
File not found -- C:\Program Files\Altova\xmlspy\XMLSPY.exe:*:Enabled:XMLSPY
File not found -- C:\Program Files\Altova\xmlspy\StylesheetDesigner.exe:*:Enabled:Stylesheet Designer
[2008-04-13 19:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer
File not found -- C:\Program Files\CentraOne\bin\launcher.exe:*:Enabled:CentraOne Launcher
File not found -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
File not found -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[2008-04-13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008-04-13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\SecureCRT\SecureCRT.EXE:*:Enabled:SecureCRT Application
[2008-04-13 19:12:15 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®
File not found -- C:\Program Files\Altova\xmlspy\XMLSPY.exe:*:Enabled:XMLSPY
File not found -- C:\Program Files\GlobalSCAPE\CuteFTP Pro\TE\ftpte.exe:*:Enabled:FTP Transfer Engine
[2008-04-13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
File not found -- C:\Program Files\CounterPath\X-Lite\x-lite.exe:*:Enabled:X-Lite
File not found -- C:\Program Files\CounterPath\eyeBeam 1.5\eyeBeam.exe:*:Enabled:eyeBeam
[2006-10-18 20:46:20 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player
[2008-10-16 14:05:13 | 00,514,560 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe
[2008-02-29 08:27:53 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe
[2008-10-16 14:05:10 | 00,590,848 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe
[2008-12-17 20:01:53 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
File not found -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
File not found -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
File not found -- C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client
File not found -- C:\Program Files\ProxyWay\proxyway.exe:*:Enabled:ProxyWay Extra
[2007-09-18 14:11:20 | 01,422,592 | ---- | M] (Sony Creative Software Inc.) -- C:\Program Files\Sony\Media Manager for PSP 2.5\MediaManager.exe:*:Enabled:Media Manager for PSP 2.5
File not found -- C:\Program Files\Xi\NetXfer\NetTransport.exe:*:Enabled:NetXfer Download Manager
File not found -- C:\Documents and Settings\Devansh\Desktop\CryptLoad_RS_MUDownloader_v1.04_ByMechodownload\CryptLoad RS&MUDownloader v1.04_ByMechodownload\CryptLoad_1.0.4\RouterClient.exe:*:Enabled:RouterClient
File not found -- C:\Program Files\CSS & HL2 - Final Pack\hl2.exe:*:Enabled:hl2
[2008-04-13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\srcds\srcds.exe:*:Enabled:srcds
File not found -- C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC
[2007-12-03 19:28:42 | 00,254,976 | ---- | M] (Azureus Inc) -- C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus
File not found -- C:\Program Files\SmsDiscount.com\SmsDiscount\SmsDiscount.exe:*:Enabled:SmsDiscount
[2008-05-21 04:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[2008-11-05 16:34:16 | 00,318,976 | ---- | M] (Octoshape ApS) -- C:\Documents and Settings\Devansh\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player
[2008-11-20 13:20:48 | 14,294,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
File not found -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2008-06-10 00:21:01 | 00,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\java.exe:*:Enabled:Java Platform SE binary
[2008-06-10 00:21:04 | 00,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\javaw.exe:*:Enabled:Java Platform SE binary
========== HKEY_USERS Protocol Defaults ==========
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned
========== HKEY_USERS Protocol Defaults ==========
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned
========== HKEY_USERS Protocol Defaults ==========
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned
========== HKEY_USERS Protocol Defaults ==========
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned
========== (O18) Protocol Handlers ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007-08-28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007-08-28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007-08-28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006-10-26 13:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007-05-10 12:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])
========== (O18) Protocol Filters ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006-10-26 21:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00CD55D6-EE5A-4570-9875-8A306628C032}"=Cisco Systems VPN Client 4.7.00.0533
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}"=ATI Control Panel
"{0D6AACB5-9663-472D-8D29-1DC8F4D3E6FF}"=Sony Media Manager for PSP 2.5
"{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}"=HpSdpAppCoreApp
"{318AB667-3230-41B5-A617-CB3BF748D371}"=iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150160}"=J2SE Runtime Environment 5.0 Update 16
"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0150160}"=J2SE Development Kit 5.0 Update 16
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{46DDF76F-ACD4-42BC-B48F-B89C4EE2E1A9}"=Easy CD & DVD Creator 6
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}"=Microsoft SQL Server Setup Support Files (English)
"{671CB656-DCED-4C30-90AD-CA75CB5C7BAA}"=Windows Live Local Add-in for Microsoft Office Outlook
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{7148F0A8-6813-11D6-A77B-00B0D0142000}"=Java 2 Runtime Environment, SE v1.4.2
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}"=Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}"=Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{903A0409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Project Standard 2003
"{90510409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Visio Professional 2003
"{91120000-0014-0000-0000-0000000FF1CE}"=Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{924EB80F-C2BB-4B9F-8412-88BBA937393F}"=MobileMe Control Panel
"{98E8A2EF-4EAE-43B8-A172-74842B764777}"=InterVideo WinDVD
"{A06275F4-324B-4E85-95E6-87B2CD729401}"=Windows Defender
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}"=MSXML 6.0 Parser
"{A8B94669-8654-4126-BD28-D0D2412CDED6}"=TI Connect 1.6
"{A8F2DCDE-AE4E-4AC9-BECD-496FB80FBF6A}"=Notebook Utilities
"{AC76BA86-7AD7-1033-7B44-A71000000002}"=Adobe Reader 7.1.0
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}"=HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}"=Microsoft SQL Server VSS Writer
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}"=Apple Mobile Device Support
"{F07AE5AB-516C-4CEB-A0AA-AD083B9182C6}"=TI NoteFolio Creator
"{F958CA02-BB40-4007-894B-258729456EE4}"=QuickTime
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}"=Microsoft SQL Server Native Client
"Adobe Acrobat 5.0"=Adobe Acrobat 5.0
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Shockwave Player"=Adobe Shockwave Player 11
"ah"=ah Screen Saver
"ATI Display Driver"=ATI Display Driver
"Autodesk WHIP!"=Autodesk WHIP! (Release 4.0-102)
"AVG7Uninstall"=AVG 7.5
"BootSkin"=BootSkin
"Broadcom 802.11 Application"=Broadcom 802.11 Control Panel
"Broadcom 802.11b Network Adapter"=Broadcom 802.11 Driver
"Channel Master"=Channel Master
"CNXT_MODEM_PCI_VEN_10B9&DEV_5457&SUBSYS_0850103C"=Conexant 56K ACLink Modem
"Compare It!_is1"=Compare It! 3.1
"Conexant PCI Audio"=Conexant AC-Link Audio
"Free Video to iPod Converter_is1"=Free Video to iPod Converter version 3.1
"Graph paper printer"=Graph paper printer
"HijackThis"=HijackThis 2.0.2
"IconPackager"=IconPackager
"IE4Dev"=Microsoft Script Debugger
"LogonStudio"=LogonStudio
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.5)"=Mozilla Firefox (3.0.5)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"ObjectDock"=ObjectDock
"PROR"=Microsoft Office Professional 2007
"QT4HPOT"=One-Touch Buttons
"RealPlayer 6.0"=RealPlayer
"Shock Aero 3D v0.97"=Shock Aero 3D v0.97
"ST6UNST #1"=C-Force
"SynTPDeinstKey"=Synaptics Pointing Device Driver
"The Journal 4_is1"=The Journal 4
"Trillian"=Trillian
"UnityWebPlayer"=Unity Web Player
"VSHD Edit_is1"=VSHD Edit 1.7
"VSHD Loader_is1"=VSHD Loader 1.1
"Vuze"=Vuze
"WIC"=Windows Imaging Component
"WindowBlinds"=WindowBlinds
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinFlip 0.50"=WinFlip 0.50
"WinRAR archiver"=WinRAR archiver
"winscp3_is1"=WinSCP 4.1.6
"WinZip"=WinZip
"WMCSetup"=Windows Media Connect
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"WZCLINE"=WinZip Command Line Support Add-On 2.0
"XP All-In-One Styler_is1"=XP All-In-One Styler 2.0.1
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player"=Octoshape add-in for Adobe Flash Player
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-248443124-3853638973-3280566910-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player"=Octoshape add-in for Adobe Flash Player
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 2008-12-31 11:22:53 AM | Computer Name = STUDYTIME | Source = WLTRYSVC | ID = 2
Description = SetServiceStatus() failed
Error - 2009-01-03 3:23:11 PM | Computer Name = STUDYTIME | Source = Application Error | ID = 1000
Description = Faulting application iconexplorer.exe, version 3.1.0.0, faulting module
iconexplorer.exe, version 3.1.0.0, fault address 0x000085b3.
Error - 2009-01-03 4:16:09 PM | Computer Name = STUDYTIME | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 windefend, P2 1.1.4205.0, P3 unspecified, P4
1.49.1289.0, P5 trojan_win32_vundo.gen!c, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.
Error - 2009-01-03 4:22:48 PM | Computer Name = STUDYTIME | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 2009-01-04 12:09:51 AM | Computer Name = STUDYTIME | Source = WLTRYSVC | ID = 2
Description = SetServiceStatus() failed
Error - 2009-01-04 12:19:28 PM | Computer Name = STUDYTIME | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 windefend, P2 1.1.4205.0, P3 unspecified, P4
1.49.1289.0, P5 trojan_win32_vundo.gen!y, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.
Error - 2009-01-04 12:20:38 PM | Computer Name = STUDYTIME | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 windefend, P2 1.1.4205.0, P3 unspecified, P4
1.49.1289.0, P5 trojan_win32_vundo.gen!y, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.
Error - 2009-01-04 12:26:08 PM | Computer Name = STUDYTIME | Source = WLTRYSVC | ID = 2
Description = SetServiceStatus() failed
Error - 2009-01-04 5:25:12 PM | Computer Name = STUDYTIME | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: STUDYTIME\Devansh Checkpoint ID: 1 Error Code: 0x80070005 Error
description: Access is denied.
Error - 2009-01-04 5:25:12 PM | Computer Name = STUDYTIME | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: STUDYTIME\Devansh Checkpoint ID: 1 Error Code: 0x8000ffff Error
description: Catastrophic failure
[ System Events ]
Error - 2009-01-04 5:02:34 PM | Computer Name = STUDYTIME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde PCIIde ViaIde
Error - 2009-01-04 5:02:38 PM | Computer Name = STUDYTIME | Source = Service Control Manager | ID = 7034
Description = The SQL Server VSS Writer service terminated unexpectedly. It has
done this 1 time(s).
Error - 2009-01-04 5:12:46 PM | Computer Name = STUDYTIME | Source = Service Control Manager | ID = 7022
Description = The SQL Server VSS Writer service hung on starting.
Error - 2009-01-04 5:12:46 PM | Computer Name = STUDYTIME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde PCIIde ViaIde
Error - 2009-01-04 5:12:46 PM | Computer Name = STUDYTIME | Source = Service Control Manager | ID = 7034
Description = The SQL Server VSS Writer service terminated unexpectedly. It has
done this 1 time(s).
Error - 2009-01-04 5:13:30 PM | Computer Name = STUDYTIME | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.
Error - 2009-01-05 3:33:47 PM | Computer Name = STUDYTIME | Source = Service Control Manager | ID = 7022
Description = The SQL Server VSS Writer service hung on starting.
Error - 2009-01-05 3:33:50 PM | Computer Name = STUDYTIME | Source = Service Control Manager | ID = 7022
Description = The WLTRYSVC service hung on starting.
Error - 2009-01-05 3:33:50 PM | Computer Name = STUDYTIME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde PCIIde ViaIde
Error - 2009-01-05 3:34:03 PM | Computer Name = STUDYTIME | Source = Service Control Manager | ID = 7034
Description = The SQL Server VSS Writer service terminated unexpectedly. It has
done this 1 time(s).
< End of report >
GMER RootKit
GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2009-01-05 15:39:37
Windows 5.1.2600 Service Pack 3
---- Registry - GMER 1.0.12 ----
Reg \Registry\USER\S-1-5-21-248443124-3853638973-3280566910-1008\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4AAF8D7F-BF0D-7FEC-2B70-27A003C489A7}@haaeopjngcmedbcn 0x6E 0x61 0x64 0x68 ...
Reg \Registry\USER\S-1-5-21-248443124-3853638973-3280566910-1008\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4AAF8D7F-BF0D-7FEC-2B70-27A003C489A7}@japdponkiokkdbgagdbf 0x6F 0x61 0x70 0x64 ...
---- Files - GMER 1.0.12 ----
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6900017D
ADS C:\RECYCLER\S-1-5-21-248443124-3853638973-3280566910-1008\Dc3\f_system:test
ADS C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP568\A0286743.exe:changelist
ADS C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP569\A0286757.exe:changelist
ADS C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP570\A0287903.exe:changelist
ADS C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP570\A0287904.exe:changelist
ADS C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP570\A0287905.exe:changelist
ADS C:\System Volume Information\_restore{53CA11E8-DAD2-41B2-969B-D957F085F140}\RP570\A0287906.exe:changelist
ADS C:\WINDOWS\system32\bxubvkzk.exe:changelist
---- EOF - GMER 1.0.12 ----
#4
Posted 06 January 2009 - 03:41 AM
Hello, Devansh
You appear to have a Registry Cleaner installed!
The following is referring to Uniblue Registry Booster 2
Please be aware that 247 Fixes staff do not recommend the usage of registry cleaners / tools due to the following facts:
- Registry tools can cause irreparable damage to your Operating System
- Registry tools can, as a result of the above, render your PC inoperable.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to as an "optional fix" and is up to the user, so just take this as a recommendation from my side.
We need to execute an OTMoveIt3 script
- Please download OTMoveIt3 by OldTimer and save it to your desktop.
- Double click the http://billy-oneal.com/Canned%20Speeches/speechimages/otmi3/otmi3desktopicon.png icon on your desktop.
- Paste the following code under the http://billy-oneal.com/Canned%20Speeches/speechimages/otmi3/pasteline.png area. Do not include the word "Code".
:reg
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2769040C-B5E5-446F-95D1-CCCE449BF08D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{affa8b5f-909b-492b-952a-bc1b2ac37395}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{AFFA8B5F-909B-492B-952A-BC1B2AC37395}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=-
[HKEY_USERS\S-1-5-21-248443124-3853638973-3280566910-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}"=-
[HKEY_USERS\S-1-5-21-248443124-3853638973-3280566910-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{AFFA8B5F-909B-492B-952A-BC1B2AC37395}"=-
[HKEY_USERS\S-1-5-21-248443124-3853638973-3280566910-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cfgcomadm"=-
"CryptLoad"=-
"ProxyWay"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"YBlEiyprNI"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=-
"NoDriveAutoRun"=-
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=-
"NoDriveAutoRun"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"UIHost"="C:\WINDOWS\system32\logonui.exe"
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnkkliH]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"StrUtil"=-
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61ca4e41-9d88-11dd-a135-00904b4167db}]
[HKEY_CLASSES_ROOT\.scr]
@="scrfiles"
[HKEY_CLASSES_ROOT\scrfiles\shell]
@="Open"
[HKEY_CLASSES_ROOT\scrfiles\shell\&open\command]
@="\"%1\" %*"
[-HKEY_USERS\S-1-5-21-248443124-3853638973-3280566910-1008\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4AAF8D7F-BF0D-7FEC-2B70-27A003C489A7}]
:files
C:\WINDOWS\system32\jkkLDTmM.dll
C:\WINDOWS\system32\nevyrqly.exe
C:\WINDOWS\System32\CF23831.exe
C:\start
C:\WINDOWS\tasks\lunywxgs.job
C:\WINDOWS\System32\bxubvkzk.exe
C:\Program Files\dhahmac
C:\Documents and Settings\Devansh\Desktop\CryptLoad_RS_MUDownloader_v1.04_ByMechodownload\
C:\Program Files\ProxyWay
C:\Documents and Settings\All Users\Application Data\xwzsbyts
C:\WINDOWS\system32\logonuiX.exe
- Push the large http://billy-oneal.com/Canned%20Speeches/speechimages/otmi3/btnmoveit.png button.
- OTMI3 may ask to reboot the machine. Please do so if asked.
- Copy/Paste the contents under the http://billy-oneal.com/Canned%20Speeches/speechimages/otmi3/results.png line here in your next reply.
- If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
In your next reply, please include the following:
- OTMoveIt3's Log
- A New OTViewIt Main.txt
- A New OTViewIt Extra.txt
BillyIII
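As an added example (not part of this thread and not OldTimer's code), a small Python reconciler that parses an OTMoveIt3 script of the kind pasted above and checks every requested action against the log OTMoveIt3 writes, so that entries reported as "not found" (a file already gone, renamed since the scan, or a key that never existed) stand out for a second look. The script grammar (":reg"/":files" sections, "[-KEY]" deletes a key, "name"=- deletes a value, "name"="v" or @="v" sets one) and the log wording are assumptions inferred from the script and log in this thread, and the embedded excerpts are constructed.

```python
# Added example, not from this thread or from OldTimer's OTMoveIt3. The script
# grammar and log wording below are assumptions inferred from the script and
# the log posted in this thread.
import re

# Constructed excerpt of the script from post #4 (same syntax, fewer entries).
SCRIPT = r"""
:reg
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{affa8b5f-909b-492b-952a-bc1b2ac37395}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"UIHost"="C:\WINDOWS\system32\logonui.exe"
[HKEY_CLASSES_ROOT\.scr]
@="scrfiles"
:files
C:\WINDOWS\system32\jkkLDTmM.dll
C:\WINDOWS\System32\bxubvkzk.exe
C:\Documents and Settings\Devansh\Desktop\CryptLoad_RS_MUDownloader_v1.04_ByMechodownload\
"""

# Constructed excerpt of the matching OTMoveIt3 log (same wording as the real one).
LOG = r"""
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{affa8b5f-909b-492b-952a-bc1b2ac37395} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{affa8b5f-909b-492b-952a-bc1b2ac37395}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\"UIHost"|"C:\WINDOWS\system32\logonui.exe" /E : value set successfully!
HKEY_CLASSES_ROOT\.scr\\@|"scrfiles" /E : value set successfully!
File/Folder C:\WINDOWS\system32\jkkLDTmM.dll not found.
C:\WINDOWS\System32\bxubvkzk.exe moved successfully.
Folder C:\Documents and Settings\Devansh\Desktop\CryptLoad_RS_MUDownloader_v1.04_ByMechodownload not found.
"""

OK_STATUS = {"deleted successfully", "moved successfully", "value set successfully"}
# How each action kind appears in the log; group 1 is the target, group 2 the status.
LOG_PATTERNS = [
    ("delkey", re.compile(r"^Registry key (.+?)\\+ (deleted successfully|not found)\.$")),
    ("delval", re.compile(r"^Registry value (.+?) (deleted successfully|not found)\.$")),
    ("setval", re.compile(r"^(.+?)\|.* /E : (value set successfully)!$")),
    ("file", re.compile(r"^(?:File/Folder |Folder )?(.+?) (moved successfully|not found)\.$")),
]

def norm(target):
    """Comparison key: case-insensitive and blind to a trailing backslash."""
    return target.rstrip("\\").lower()

def parse_script(text):
    """Return [(kind, target)] in script order; kind is delkey/delval/setval/file."""
    actions, section, key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):                 # section header such as ":reg"
            section, key = line[1:].lower(), None
        elif section == "reg":
            m = re.match(r"^\[(-?)(.+)\]$", line)
            if m:                                # "[-KEY]" deletes, "[KEY]" selects
                if m.group(1):
                    actions.append(("delkey", m.group(2)))
                else:
                    key = m.group(2)
                continue
            m = re.match(r'^("[^"]+"|@)=(.*)$', line)
            if m and key:                        # value line under the selected key
                kind = "delval" if m.group(2) == "-" else "setval"
                name = m.group(1).strip('"') if kind == "delval" else m.group(1)
                actions.append((kind, key + "\\\\" + name))   # log writes KEY\\name
        elif section == "files":
            actions.append(("file", line))
    return actions

def parse_log(text):
    """Map (kind, normalised target) -> status for every action line in the log."""
    seen = {}
    for raw in text.splitlines():
        for kind, pat in LOG_PATTERNS:
            m = pat.match(raw.strip())
            if m:
                seen[(kind, norm(m.group(1)))] = m.group(2)
                break                            # headers and CLSID noise never match
    return seen

def reconcile(script_text, log_text):
    """Pair each scripted action with its logged outcome ('NO LOG ENTRY' if absent)."""
    seen = parse_log(log_text)
    return [(kind, target, seen.get((kind, norm(target)), "NO LOG ENTRY"))
            for kind, target in parse_script(script_text)]

def unresolved(report):
    """Actions not confirmed by the log: already gone, renamed since the scan, or unlogged."""
    return [(k, t, s) for k, t, s in report if s not in OK_STATUS]

if __name__ == "__main__":
    for kind, target, status in reconcile(SCRIPT, LOG):
        print(f"{kind:7} {status:22} {target}")
```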
#5
Posted 08 January 2009 - 08:05 PM
OTMoveIt3 Log
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2769040C-B5E5-446F-95D1-CCCE449BF08D}\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{affa8b5f-909b-492b-952a-bc1b2ac37395} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{affa8b5f-909b-492b-952a-bc1b2ac37395}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{AFFA8B5F-909B-492B-952A-BC1B2AC37395} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFFA8B5F-909B-492B-952A-BC1B2AC37395}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_USERS\S-1-5-21-248443124-3853638973-3280566910-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\ not found.
Registry value HKEY_USERS\S-1-5-21-248443124-3853638973-3280566910-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{AFFA8B5F-909B-492B-952A-BC1B2AC37395} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFFA8B5F-909B-492B-952A-BC1B2AC37395}\ not found.
Registry value HKEY_USERS\S-1-5-21-248443124-3853638973-3280566910-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\cfgcomadm deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\CryptLoad deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ProxyWay deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\YBlEiyprNI deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\"UIHost"|"C:\WINDOWS\system32\logonui.exe" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnkkliH\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\StrUtil deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61ca4e41-9d88-11dd-a135-00904b4167db}\\ deleted successfully.
HKEY_CLASSES_ROOT\.scr\\@|"scrfiles" /E : value set successfully!
HKEY_CLASSES_ROOT\scrfiles\shell\\@|"Open" /E : value set successfully!
HKEY_CLASSES_ROOT\scrfiles\shell\&open\command\\@|"\"%1\" %*" /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-248443124-3853638973-3280566910-1008\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4AAF8D7F-BF0D-7FEC-2B70-27A003C489A7}\\ not found.
========== FILES ==========
File/Folder C:\WINDOWS\system32\jkkLDTmM.dll not found.
File/Folder C:\WINDOWS\system32\nevyrqly.exe not found.
C:\WINDOWS\System32\CF23831.exe moved successfully.
C:\start moved successfully.
C:\WINDOWS\tasks\lunywxgs.job moved successfully.
C:\WINDOWS\System32\bxubvkzk.exe moved successfully.
File/Folder C:\Program Files\dhahmac not found.
Folder C:\Documents and Settings\Devansh\Desktop\CryptLoad_RS_MUDownloader_v1.04_ByMechodownload not found.
File/Folder C:\Program Files\ProxyWay not found.
C:\Documents and Settings\All Users\Application Data\xwzsbyts moved successfully.
C:\WINDOWS\system32\logonuiX.exe moved successfully.
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01082009_145054
OTViewIt Extras
OTViewIt Extras logfile created on: 2009-01-08 2:52:54 PM - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Devansh\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd
958.98 Mb Total Physical Memory | 443.29 Mb Available Physical Memory | 46.22% Memory free
1.51 Gb Paging File | 1.08 Gb Available in Paging File | 71.05% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.30 Gb Total Space | 8.42 Gb Free Space | 28.74% Space Free | Partition Type: NTFS
Drive D: | 26.58 Gb Total Space | 25.01 Gb Free Space | 94.11% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: STUDYTIME
Current User Name: Devansh
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
"Use My Stylesheet"=
"User Stylesheet"=
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.scr [@ = Reg Error: Value does not exist or could not be read.] -- Reg Error: Key does not exist or could not be opened. File not found
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008-04-13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\GlobalSCAPE\CuteFTP Pro\TE\ftpte.exe:*:Enabled:FTP Transfer Engine
File not found -- C:\Program Files\SecureCRT\SecureCRT.EXE:*:Enabled:SecureCRT Application
File not found -- C:\Program Files\StarNet\X-Win32\xwin32.exe:*:Enabled:X-Win32 X-Server
[2008-04-13 19:12:15 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\NetMeeting\conf.exe:*:Disabled:Windows® NetMeeting®
[2008-04-13 19:12:20 | 00,042,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program
File not found -- C:\Program Files\Altova\xmlspy\XMLSPY.exe:*:Enabled:XMLSPY
File not found -- C:\Program Files\Altova\xmlspy\StylesheetDesigner.exe:*:Enabled:Stylesheet Designer
[2008-04-13 19:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer
File not found -- C:\Program Files\CentraOne\bin\launcher.exe:*:Enabled:CentraOne Launcher
File not found -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
File not found -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[2008-04-13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008-04-13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\SecureCRT\SecureCRT.EXE:*:Enabled:SecureCRT Application
[2008-04-13 19:12:15 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®
File not found -- C:\Program Files\Altova\xmlspy\XMLSPY.exe:*:Enabled:XMLSPY
File not found -- C:\Program Files\GlobalSCAPE\CuteFTP Pro\TE\ftpte.exe:*:Enabled:FTP Transfer Engine
[2008-04-13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
File not found -- C:\Program Files\CounterPath\X-Lite\x-lite.exe:*:Enabled:X-Lite
File not found -- C:\Program Files\CounterPath\eyeBeam 1.5\eyeBeam.exe:*:Enabled:eyeBeam
[2006-10-18 20:46:20 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player
[2008-10-16 14:05:13 | 00,514,560 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe
[2008-02-29 08:27:53 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe
[2008-10-16 14:05:10 | 00,590,848 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe
[2008-12-17 20:01:53 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
File not found -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
File not found -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
File not found -- C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client
File not found -- C:\Program Files\ProxyWay\proxyway.exe:*:Enabled:ProxyWay Extra
[2007-09-18 14:11:20 | 01,422,592 | ---- | M] (Sony Creative Software Inc.) -- C:\Program Files\Sony\Media Manager for PSP 2.5\MediaManager.exe:*:Enabled:Media Manager for PSP 2.5
File not found -- C:\Program Files\Xi\NetXfer\NetTransport.exe:*:Enabled:NetXfer Download Manager
File not found -- C:\Documents and Settings\Devansh\Desktop\CryptLoad_RS_MUDownloader_v1.04_ByMechodownload\CryptLoad RS&MUDownloader v1.04_ByMechodownload\CryptLoad_1.0.4\RouterClient.exe:*:Enabled:RouterClient
File not found -- C:\Program Files\CSS & HL2 - Final Pack\hl2.exe:*:Enabled:hl2
[2008-04-13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\srcds\srcds.exe:*:Enabled:srcds
File not found -- C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC
[2007-12-03 19:28:42 | 00,254,976 | ---- | M] (Azureus Inc) -- C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus
File not found -- C:\Program Files\SmsDiscount.com\SmsDiscount\SmsDiscount.exe:*:Enabled:SmsDiscount
[2008-05-21 04:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[2008-11-05 16:34:16 | 00,318,976 | ---- | M] (Octoshape ApS) -- C:\Documents and Settings\Devansh\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player
[2008-11-20 13:20:48 | 14,294,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
File not found -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2008-06-10 00:21:01 | 00,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\java.exe:*:Enabled:Java Platform SE binary
[2008-06-10 00:21:04 | 00,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\javaw.exe:*:Enabled:Java Platform SE binary
========== (O18) Protocol Handlers ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2007-08-28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
msdaipp: [HKLM - No CLSID value]
[2007-08-28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2007-08-28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2006-10-26 13:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])
[2007-05-10 12:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])
========== (O18) Protocol Filters ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006-10-26 21:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00CD55D6-EE5A-4570-9875-8A306628C032}"=Cisco Systems VPN Client 4.7.00.0533
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}"=ATI Control Panel
"{0D6AACB5-9663-472D-8D29-1DC8F4D3E6FF}"=Sony Media Manager for PSP 2.5
"{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}"=HpSdpAppCoreApp
"{318AB667-3230-41B5-A617-CB3BF748D371}"=iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150160}"=J2SE Runtime Environment 5.0 Update 16
"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0150160}"=J2SE Development Kit 5.0 Update 16
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{46DDF76F-ACD4-42BC-B48F-B89C4EE2E1A9}"=Easy CD & DVD Creator 6
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}"=Microsoft SQL Server Setup Support Files (English)
"{671CB656-DCED-4C30-90AD-CA75CB5C7BAA}"=Windows Live Local Add-in for Microsoft Office Outlook
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{7148F0A8-6813-11D6-A77B-00B0D0142000}"=Java 2 Runtime Environment, SE v1.4.2
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}"=Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}"=Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{903A0409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Project Standard 2003
"{90510409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Visio Professional 2003
"{91120000-0014-0000-0000-0000000FF1CE}"=Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{924EB80F-C2BB-4B9F-8412-88BBA937393F}"=MobileMe Control Panel
"{98E8A2EF-4EAE-43B8-A172-74842B764777}"=InterVideo WinDVD
"{A06275F4-324B-4E85-95E6-87B2CD729401}"=Windows Defender
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}"=MSXML 6.0 Parser
"{A8B94669-8654-4126-BD28-D0D2412CDED6}"=TI Connect 1.6
"{A8F2DCDE-AE4E-4AC9-BECD-496FB80FBF6A}"=Notebook Utilities
"{AC76BA86-7AD7-1033-7B44-A71000000002}"=Adobe Reader 7.1.0
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{BEF106F8-2689-4530-925A-E1117836E8CD}"=Google SketchUp 7
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}"=HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}"=Microsoft SQL Server VSS Writer
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}"=Apple Mobile Device Support
"{F07AE5AB-516C-4CEB-A0AA-AD083B9182C6}"=TI NoteFolio Creator
"{F958CA02-BB40-4007-894B-258729456EE4}"=QuickTime
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}"=Microsoft SQL Server Native Client
"Adobe Acrobat 5.0"=Adobe Acrobat 5.0
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Shockwave Player"=Adobe Shockwave Player 11
"ah"=ah Screen Saver
"ATI Display Driver"=ATI Display Driver
"Autodesk WHIP!"=Autodesk WHIP! (Release 4.0-102)
"AVG7Uninstall"=AVG 7.5
"BootSkin"=BootSkin
"Broadcom 802.11 Application"=Broadcom 802.11 Control Panel
"Broadcom 802.11b Network Adapter"=Broadcom 802.11 Driver
"Channel Master"=Channel Master
"CNXT_MODEM_PCI_VEN_10B9&DEV_5457&SUBSYS_0850103C"=Conexant 56K ACLink Modem
"Compare It!_is1"=Compare It! 3.1
"Conexant PCI Audio"=Conexant AC-Link Audio
"Free Video to iPod Converter_is1"=Free Video to iPod Converter version 3.1
"Graph paper printer"=Graph paper printer
"HijackThis"=HijackThis 2.0.2
"IconPackager"=IconPackager
"IE4Dev"=Microsoft Script Debugger
"LogonStudio"=LogonStudio
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.5)"=Mozilla Firefox (3.0.5)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"ObjectDock"=ObjectDock
"PROR"=Microsoft Office Professional 2007
"QT4HPOT"=One-Touch Buttons
"RealPlayer 6.0"=RealPlayer
"Shock Aero 3D v0.97"=Shock Aero 3D v0.97
"ST6UNST #1"=C-Force
"SynTPDeinstKey"=Synaptics Pointing Device Driver
"The Journal 4_is1"=The Journal 4
"Trillian"=Trillian
"UnityWebPlayer"=Unity Web Player
"VSHD Edit_is1"=VSHD Edit 1.7
"VSHD Loader_is1"=VSHD Loader 1.1
"Vuze"=Vuze
"WIC"=Windows Imaging Component
"WindowBlinds"=WindowBlinds
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinFlip 0.50"=WinFlip 0.50
"WinRAR archiver"=WinRAR archiver
"winscp3_is1"=WinSCP 4.1.6
"WinZip"=WinZip
"WMCSetup"=Windows Media Connect
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"WZCLINE"=WinZip Command Line Support Add-On 2.0
"XP All-In-One Styler_is1"=XP All-In-One Styler 2.0.1
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player"=Octoshape add-in for Adobe Flash Player
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 2008-12-31 11:22:53 AM | Computer Name = STUDYTIME | Source = WLTRYSVC | ID = 2
Description = SetServiceStatus() failed
Error - 2009-01-03 3:23:11 PM | Computer Name = STUDYTIME | Source = Application Error | ID = 1000
Description = Faulting application iconexplorer.exe, version 3.1.0.0, faulting module
iconexplorer.exe, version 3.1.0.0, fault address 0x000085b3.
Error - 2009-01-03 4:16:09 PM | Computer Name = STUDYTIME | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 windefend, P2 1.1.4205.0, P3 unspecified, P4
1.49.1289.0, P5 trojan_win32_vundo.gen!c, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.
Error - 2009-01-03 4:22:48 PM | Computer Name = STUDYTIME | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 2009-01-04 12:09:51 AM | Computer Name = STUDYTIME | Source = WLTRYSVC | ID = 2
Description = SetServiceStatus() failed
Error - 2009-01-04 12:19:28 PM | Computer Name = STUDYTIME | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 windefend, P2 1.1.4205.0, P3 unspecified, P4
1.49.1289.0, P5 trojan_win32_vundo.gen!y, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.
Error - 2009-01-04 12:20:38 PM | Computer Name = STUDYTIME | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 windefend, P2 1.1.4205.0, P3 unspecified, P4
1.49.1289.0, P5 trojan_win32_vundo.gen!y, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.
Error - 2009-01-04 12:26:08 PM | Computer Name = STUDYTIME | Source = WLTRYSVC | ID = 2
Description = SetServiceStatus() failed
Error - 2009-01-04 5:25:12 PM | Computer Name = STUDYTIME | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: STUDYTIME\Devansh Checkpoint ID: 1 Error Code: 0x80070005 Error
description: Access is denied.
Error - 2009-01-04 5:25:12 PM | Computer Name = STUDYTIME | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: STUDYTIME\Devansh Checkpoint ID: 1 Error Code: 0x8000ffff Error
description: Catastrophic failure
[ System Events ]
Error - 2009-01-05 3:34:03 PM | Computer Name = STUDYTIME | Source = Service Control Manager | ID = 7034
Description = The SQL Server VSS Writer service terminated unexpectedly. It has
done this 1 time(s).
Error - 2009-01-06 6:40:29 PM | Computer Name = STUDYTIME | Source = Service Control Manager | ID = 7022
Description = The SQL Server VSS Writer service hung on starting.
Error - 2009-01-06 6:40:29 PM | Computer Name = STUDYTIME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde PCIIde ViaIde
Error - 2009-01-06 6:40:30 PM | Computer Name = STUDYTIME | Source = Service Control Manager | ID = 7034
Description = The SQL Server VSS Writer service terminated unexpectedly. It has
done this 1 time(s).
Error - 2009-01-07 6:37:06 AM | Computer Name = STUDYTIME | Source = Service Control Manager | ID = 7022
Description = The SQL Server VSS Writer service hung on starting.
Error - 2009-01-07 6:37:06 AM | Computer Name = STUDYTIME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde PCIIde ViaIde
Error - 2009-01-07 6:37:06 AM | Computer Name = STUDYTIME | Source = Service Control Manager | ID = 7034
Description = The SQL Server VSS Writer service terminated unexpectedly. It has
done this 1 time(s).
Error - 2009-01-07 12:22:06 PM | Computer Name = STUDYTIME | Source = Service Control Manager | ID = 7022
Description = The SQL Server VSS Writer service hung on starting.
Error - 2009-01-07 12:22:06 PM | Computer Name = STUDYTIME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde PCIIde ViaIde
Error - 2009-01-07 12:22:06 PM | Computer Name = STUDYTIME | Source = Service Control Manager | ID = 7034
Description = The SQL Server VSS Writer service terminated unexpectedly. It has
done this 1 time(s).
< End of report >
OTViewIt Log
OTViewIt logfile created on: 2009-01-08 2:52:54 PM - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Devansh\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd
958.98 Mb Total Physical Memory | 443.29 Mb Available Physical Memory | 46.22% Memory free
1.51 Gb Paging File | 1.08 Gb Available in Paging File | 71.05% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.30 Gb Total Space | 8.42 Gb Free Space | 28.74% Space Free | Partition Type: NTFS
Drive D: | 26.58 Gb Total Space | 25.01 Gb Free Space | 94.11% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: STUDYTIME
Current User Name: Devansh
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
========== Processes ==========
[2006-11-03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
[2008-11-07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008-02-29 08:27:53 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe
[2008-02-29 08:28:16 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgupsvc.exe
[2005-08-12 16:37:50 | 01,504,256 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
[2002-08-15 13:11:00 | 00,151,552 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPConfig.exe
[2003-01-14 17:12:14 | 00,053,248 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
[2004-01-13 08:51:10 | 00,045,056 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
[2001-05-01 20:06:22 | 00,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe
[2006-10-18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
[2002-08-14 20:29:38 | 00,290,816 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[2003-03-13 10:14:42 | 00,102,400 | ---- | M] (Dritek System Inc.) -- C:\Program Files\HPQ\One-Touch\ONETOUCH.EXE
[2005-02-02 19:12:24 | 00,102,492 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[2005-02-02 19:11:14 | 00,692,316 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[2003-05-21 15:35:50 | 00,004,608 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\carpserv.exe
[2008-10-16 14:05:10 | 00,590,848 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgcc.exe
[2008-06-10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2006-10-18 19:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
[2004-01-13 08:51:08 | 00,499,712 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\BCMWLTRY.EXE
[2008-04-13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008-01-28 19:39:59 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2008-12-17 20:01:53 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2008-10-16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2009-01-08 14:50:11 | 00,348,160 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Devansh\Desktop\OTMoveIt3.exe
[2009-01-05 14:37:12 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Devansh\Desktop\OTViewIt.exe
========== (O23) Win32 Services ==========
[2008-11-07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007-10-24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008-02-29 08:27:53 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe -- (Avg7Alrt [Auto | Running])
[2008-02-29 08:28:16 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgupsvc.exe -- (Avg7UpdSvc [Auto | Running])
[2007-10-24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2005-08-12 16:37:50 | 01,504,256 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND [Auto | Running])
[2002-08-15 13:11:00 | 00,151,552 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPConfig.exe -- (HPConfig [Auto | Running])
[2003-01-14 17:12:14 | 00,053,248 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe -- (HPWirelessMgr [Auto | Running])
[2005-04-03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008-11-20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
File not found -- -- (MSSQLServerADHelper [On_Demand | Stopped])
[2007-08-24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006-10-26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007-02-10 05:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Stopped])
[2006-11-03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
[2004-01-13 08:51:10 | 00,045,056 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE -- (WLTRYSVC [Auto | Running])
[2001-05-01 20:06:22 | 00,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])
[2006-10-18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])
========== Driver Services ==========
[2001-08-17 16:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Boot | Running])
[2003-07-10 06:16:46 | 00,026,112 | R--- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliirda.sys -- (ALiIRDA [On_Demand | Running])
[2005-11-21 00:48:20 | 00,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32 [Auto | Running])
[2004-05-15 18:29:12 | 00,701,952 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2008-02-29 08:28:20 | 00,821,856 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avg7core.sys -- (Avg7Core [System | Running])
[2008-02-29 08:28:25 | 00,004,224 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avg7rsw.sys -- (Avg7RsW [System | Running])
[2008-02-29 08:28:26 | 00,027,776 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avg7rsxp.sys -- (Avg7RsXP [System | Running])
[2008-02-29 08:29:50 | 00,010,760 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avgclean.sys -- (AvgClean [System | Running])
[2006-10-12 23:26:56 | 00,604,928 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX [On_Demand | Running])
[2009-01-02 15:50:39 | 00,163,456 | ---- | M] () -- C:\WINDOWS\system32\drivers\vidstub.sys -- (BootScreen [Boot | Running])
[2002-07-18 08:07:50 | 00,023,602 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atisgkaf.SYS -- (caboagp [Boot | Running])
[2004-02-17 17:58:40 | 00,292,352 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\system32\drivers\caliaud.sys -- (CALIAUD [On_Demand | Running])
[2004-02-17 17:59:18 | 00,273,536 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\system32\drivers\calihal.sys -- (CALIHALA [On_Demand | Running])
[2008-01-04 16:58:46 | 00,009,336 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
[2008-01-04 16:58:46 | 00,009,464 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
[2003-01-01 07:34:42 | 00,259,456 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp [System | Running])
[2001-08-17 02:13:20 | 00,027,164 | ---- | M] (Xircom, Inc.) -- C:\WINDOWS\system32\drivers\CE3N5.SYS -- (CE3 [On_Demand | Stopped])
[2005-05-17 03:51:34 | 00,005,315 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA [On_Demand | Stopped])
[2005-08-12 16:35:56 | 00,305,739 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA [On_Demand | Running])
[2002-10-16 07:15:54 | 00,014,543 | ---- | M] (Dritek System Inc.) -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr [On_Demand | Running])
[2004-11-03 11:07:24 | 00,146,888 | ---- | M] (Deterministic Networks, Inc.) -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE [On_Demand | Running])
[2008-04-13 13:39:46 | 00,206,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dot4.sys -- (Dot4 [On_Demand | Stopped])
[2001-08-17 12:47:32 | 00,012,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\Dot4Prt.sys -- (Dot4Print [On_Demand | Stopped])
[2003-07-16 20:01:02 | 00,028,280 | ---- | M] (National Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\DP83815.sys -- (DP83815 [On_Demand | Stopped])
[2003-07-18 20:25:16 | 00,021,993 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K [On_Demand | Stopped])
[2008-04-17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2009-01-05 14:42:10 | 00,068,961 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [On_Demand | Stopped])
[2002-07-17 15:09:12 | 00,014,504 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\drivers\hpci.sys -- (HPCI [On_Demand | Running])
[2004-12-15 13:18:28 | 00,205,696 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWALI.sys -- (HSFHWALI [On_Demand | Running])
[2003-05-21 15:31:22 | 01,063,040 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP [On_Demand | Stopped])
[2004-12-15 14:19:08 | 01,038,208 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
[2008-04-13 13:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2006-09-18 17:38:26 | 00,015,584 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X [Auto | Running])
[2006-06-19 13:26:58 | 00,012,672 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2003-07-18 20:25:14 | 00,022,745 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K [On_Demand | Running])
[2001-08-17 16:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
[2008-04-13 13:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm [On_Demand | Stopped])
[2003-03-30 21:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2003-07-18 20:25:10 | 00,118,409 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k [System | Running])
[2008-01-04 16:58:46 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2007-01-18 10:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort [On_Demand | Stopped])
[2003-03-30 21:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM [On_Demand | Stopped])
[2008-04-13 13:40:48 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sbp2port.sys -- (sbp2port [Boot | Stopped])
[2007-11-13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2001-08-17 02:10:28 | 00,035,913 | ---- | M] (SMC) -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA [On_Demand | Stopped])
[2003-05-21 15:35:56 | 00,030,592 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\strmdisp.sys -- (StreamDispatcher [Auto | Running])
[2005-02-02 18:59:00 | 00,191,456 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2004-02-04 10:27:56 | 00,049,536 | ---- | M] (Texas Instruments Incorporated) -- C:\WINDOWS\system32\drivers\tiehdusb.sys -- (TIEHDUSB [On_Demand | Stopped])
[2003-07-18 20:22:06 | 00,213,120 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\UdfReadr_xp.sys -- (UdfReadr_xp [System | Running])
[2008-10-01 13:01:28 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2005-01-26 04:22:20 | 00,280,344 | ---- | M] (Zone Labs LLC) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [On_Demand | Stopped])
[2004-12-15 14:18:28 | 00,703,232 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2008-04-13 13:36:38 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi [System | Stopped])
========== (R ) Internet Explorer ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://us8l.hpwis.com/
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
"provider"=
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{affa8b5f-909b-492b-952a-bc1b2ac37395}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
========== (O1) Hosts File ==========
HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
========== (O2) BHO's ==========
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
========== (O3) Toolbars ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{D0943516-5076-4020-A3B5-AEFAF26AB263}" (HKLM) -- C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll File not found
========== (O4) Run Keys ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP (GRISOFT, s.r.o.)
"CARPService"=carpserv.exe (Conexant Systems, Inc.)
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe ()
"Display Settings"=C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s (Hewlett-Packard)
"LanTalk.NET"=C:\Program Files\CEZEO software\LanTalk NET\LanTalk.exe File not found
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript File not found
"QT4HPOT"=C:\Program Files\HPQ\One-Touch\OneTouch.EXE (Dritek System Inc.)
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" (Roxio)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
"TV Now"=C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK ()
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" File not found
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\Documents and Settings\Devansh\Desktop\BlackBerry_JDE_Components_4.5.0.exe"=C:\Documents and Settings\Devansh\Desktop\BlackBerry_JDE_Components_4.5.0.exe File not found
"SmsDiscount"="C:\Program Files\SmsDiscount.com\SmsDiscount\SmsDiscount.exe" -nosplash -minimized File not found
"Uniblue RegistryBooster 2"=C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S File not found
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
========== (O4) Startup Folders ==========
[2008-04-23 02:38:16 | 00,029,696 | -H-- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2008-05-15 09:54:00 | 00,006,144 | R--- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{00CD55D6-EE5A-4570-9875-8A306628C032}\Icon3E5562ED7.ico
========== (O6 & O7) Current Version Policies ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"AllowLegacyWebView"=1
"AllowUnhashedWebView"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0
========== (O8) IE Context Menu Extensions ==========
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008-12-12 15:30:30 | 17,858,560 | ---- | M] (Microsoft Corporation)
========== (O9) IE Extensions ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008-06-10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{5BB29DC6-4046-4aa1-B590-C29372456BA0}: Button: SiteCatalyst ClickMap -- %SystemRoot%\Downloaded Program Files\ClickMap.dll File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006-10-26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008-04-13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008-04-13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008-04-13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003-02-28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{5BB29DC6-4046-4aa1-B590-C29372456BA0} [HKLM] -> %SystemRoot%\Downloaded Program Files\ClickMap.dll [SiteCatalyst ClickMap] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006-10-26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008-04-13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
========== (O12) Internet Explorer Plugins ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.micro...d...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery
========== (O13) Default Prefixes ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://
========== (O15) Trusted Sites ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
33 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
32 domain(s) and sub-domain(s) not assigned to a zone.
========== (O16) DPF ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macr...director/sw.cab -- Shockwave ActiveX Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft....k/?linkid=39204 -- Windows Genuine Advantage Validation Tool
{33564D57-0000-0010-8000-00AA00389B71}: http://download.micr...922/wmv9VCM.CAB -- Reg Error: Key does not exist or could not be opened.
{35C3D91E-401A-4E45-88A5-F3B32CD72DF4}: https://udit.taxcut....html/AtxEnc.cab -- Encrypt Class
{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}: http://www.fileplane...C_2.3.7.109.cab -- Reg Error: Key does not exist or could not be opened.
{483EB14D-AF1C-4951-81B0-4E2B41829FF6}: https://www.select2p...bs/QOLCheck.ocx -- QOLCheck Control
{48DD0448-9209-4F81-9F6D-D83562940134}: http://lads.myspace....ploader1006.cab -- MySpace Uploader Control
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}: http://gfx2.hotmail....es/MSNPUpld.cab -- MSN Photo Upload Tool
{55E515F7-0FA2-4610-874E-028107E766A3}: http://titan.kc.hrbl...webeditpro3.cab -- eWebEditProLibCtl3.eWebEditPro
{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0}: http://upload.facebo...toUploader3.cab -- Facebook Photo Uploader 4 Control
{644E432F-49D3-41A1-8DD5-E099162EEEC5}: http://security.syma...n/bin/cabsa.cab -- Symantec RuFSI Utility Class
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}: http://go.divx.com/p...owserPlugin.cab -- DivXBrowserPlugin Object
{6B75345B-AA36-438A-BBE6-4078B4C6984D}: http://h20270.www2.h...ctDetection.cab -- HpProductDetection Class
{8990AFAD-D352-42AC-A72F-A660BBF6E209}: https://udit.taxcut..../AtxConsole.cab -- OfficeScan Management Console
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_07
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.ma...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{B24F0664-7DDA-40B6-B38C-A4FD68DE8685}: http://192.223.249.9...aDownloader.cab -- CentraDownloaderCtl Class
{C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3}: http://a532.g.akamai...0/installer.exe -- Virtools WebPlayer Class
{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.4.2
{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.5.0_16
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_01
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macr...ash/swflash.cab -- Shockwave Flash Object
bandInstaller: https://sc.omniture....apInstaller.CAB -- Reg Error: Key does not exist or could not be opened.
Microsoft XML Parser for Java: -- Reg Error: Key does not exist or could not be opened.
vzTCPConfig: http://www2.verizon....vzTCPConfig.CAB -- Reg Error: Key does not exist or could not be opened.
========== (O17) DNS Name Servers ==========
{06BCDCB9-ECDD-468D-9D11-19E80EA5653B} (Servers: | Description: Broadcom 802.11b/g WLAN)
{39F39582-3B9F-43F8-B1C4-25D21A74AA9F} (Servers: | Description: )
{55F9EAFB-63EB-4971-8664-8931D1DEDA18} (Servers: | Description: 1394 Net Adapter)
{86B46416-83EB-4CEA-960A-BBAE31F59CE0} (Servers: | Description: National Semiconductor Corp. DP83815/816 10/100 MacPhyter PCI Adapter)
{FE8E1F4B-8194-4DE4-914A-A73540DFFE00} (Servers: | Description: 1394 Net Adapter)
========== (O19) User Style Sheets ==========
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles]
========== (O20) Winlogon Notify Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
WBSrv: "DllName" = C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll -- C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll (Stardock)
========== Shell Execute Hooks ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" (HKLM) -- C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
========== Safeboot Options ==========
"AlternateShell"=cmd.exe
========== CDRom AutoRun Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1
========== MountPoints2 ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##IBM_A31#D\Shell]
""=AutoRun
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##IBM_A31#D\Shell\AutoRun]
""=Auto&Play
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##IBM_A31#D\Shell\AutoRun\command]
""=Z:\Student_One_Stop.exe -- File not found
========== Files/Folders - Created Within 30 Days ==========
[2 C:\WINDOWS\*.tmp files]
[2009-01-08 14:50:54 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2009-01-08 14:50:05 | 00,348,160 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Devansh\Desktop\OTMoveIt3.exe
[2009-01-08 14:39:33 | 01,450,211 | ---- | C] (ShareStar, Inc. ) -- C:\Documents and Settings\Devansh\Desktop\NewSpy.exe
[2009-01-06 21:32:07 | 00,581,861 | ---- | C] () -- C:\Documents and Settings\Devansh\Desktop\MouseTrap Car Design.skp
[2009-01-05 15:40:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\gmer.reg
[2009-01-05 15:40:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\gmer.bat
[2009-01-05 14:42:10 | 00,573,440 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2009-01-05 14:42:10 | 00,565,311 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2009-01-05 14:42:10 | 00,068,961 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2009-01-05 14:42:10 | 00,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2009-01-05 14:42:10 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2009-01-05 14:37:05 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Devansh\Desktop\OTViewIt.exe
[2009-01-04 18:54:38 | 00,152,515 | ---- | C] () -- C:\Documents and Settings\Devansh\Desktop\SAT Writing Section!.docx
[2009-01-04 18:45:19 | 00,347,488 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Devansh\Desktop\WINWORD.EXE
[2009-01-04 16:24:14 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009-01-04 16:08:57 | 00,053,248 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2009-01-04 16:08:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009-01-04 16:04:51 | 00,000,221 | ---- | C] () -- C:\Boot.bak
[2009-01-04 16:04:48 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009-01-04 16:04:38 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009-01-04 16:02:32 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009-01-04 16:02:32 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009-01-04 16:02:32 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009-01-04 16:02:32 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009-01-04 16:02:32 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009-01-04 16:02:32 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009-01-04 16:02:32 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009-01-04 16:02:32 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009-01-04 16:02:32 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009-01-04 11:37:16 | 10,056,37632 | -HS- | C] () -- C:\hiberfil.sys
[2009-01-04 11:12:05 | 01,307,356 | -HS- | C] () -- C:\WINDOWS\System32\smsmuorw.ini
[2009-01-03 23:09:48 | 02,108,912 | -H-- | C] () -- C:\Documents and Settings\Devansh\Local Settings\Application Data\IconCache.db
[2009-01-03 18:14:39 | 04,291,481 | ---- | C] () -- C:\Documents and Settings\Devansh\Desktop\rabnebanadijodi02(www.songs.pk).mp3
[2009-01-03 18:06:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Devansh\Desktop\All Hindi
[2009-01-03 18:06:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Devansh\Desktop\All Techno
[2009-01-03 18:05:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Devansh\Desktop\All Rap Hip-Hop
[2009-01-03 18:05:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Devansh\Desktop\Desktop
[2009-01-03 13:39:51 | 17,842,981 | ---- | C] () -- C:\Documents and Settings\Devansh\Desktop\The Final Shiva Arth..mp3
[2009-01-02 15:34:46 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\Devansh\Desktop\iTunes.lnk
[2009-01-02 15:34:37 | 01,181,696 | ---- | C] () -- C:\Documents and Settings\Devansh\Desktop\ShockAero3D.exe
[2009-01-02 11:43:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Devansh\Desktop\All Deleted Files
[2009-01-02 10:44:13 | 00,065,536 | ---- | C] () -- C:\WINDOWS\IFinst27.exe
[2009-01-02 10:33:56 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Devansh\My Documents\ObjectDock Library
[2009-01-02 10:33:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Devansh\Local Settings\Application Data\Stardock
[2009-01-02 09:23:42 | 00,000,801 | ---- | C] () -- C:\Documents and Settings\Devansh\Desktop\ObjectDock.lnk
[2009-01-02 09:23:04 | 00,000,000 | ---D | C] -- C:\Program Files\WinFlip
[2009-01-02 08:57:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Devansh\Local Settings\Application Data\TouchStoneSoftware
[2009-01-01 18:24:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Devansh\Desktop\All Documents and Folders
[2009-01-01 18:07:40 | 00,000,000 | ---D | C] -- C:\Program Files\Shock Utility
[2009-01-01 17:59:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Devansh\My Documents\My Widgets
[2008-12-27 13:55:32 | 00,163,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\vidstub.sys
[2008-12-26 19:15:32 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\uxtheme.backup
[2008-12-26 13:13:13 | 00,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2008-12-20 14:26:18 | 00,000,143 | ---- | C] () -- C:\WINDOWS\WB.ini
[2008-12-20 14:15:13 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\wbload.dll
[2008-12-20 13:52:14 | 00,000,024 | ---- | C] () -- C:\WINDOWS\LogonStudio.ini
[2008-12-20 13:44:27 | 00,045,056 | ---- | C] (Stardust Software) -- C:\WINDOWS\System32\sstunst3.exe
[2008-12-20 13:44:24 | 01,061,188 | ---- | C] () -- C:\WINDOWS\System32\ah.mx1
[2008-12-20 13:44:24 | 00,564,736 | ---- | C] (Stardust Software) -- C:\WINDOWS\System32\ah.scr
[2008-12-20 13:44:24 | 00,020,610 | ---- | C] () -- C:\WINDOWS\System32\ah.ibx
[2008-12-20 13:44:02 | 00,187,392 | ---- | C] () -- C:\WINDOWS\System32\JPGUtils.dll
[2008-12-20 13:43:59 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Stardock
[2008-12-20 13:43:58 | 00,000,000 | ---D | C] -- C:\Program Files\WinCustomize
[2008-12-20 13:41:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Devansh\Application Data\Unity
[2008-12-20 12:56:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Devansh\Local Settings\Application Data\Unity
[2008-12-20 12:56:13 | 00,000,000 | ---D | C] -- C:\Program Files\Unity
[2008-12-18 16:29:48 | 00,000,045 | ---- | C] () -- C:\TEST.XML
[2008-12-17 15:17:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\vbSkinner
[2008-12-17 15:17:16 | 00,412,672 | ---- | C] (JB) -- C:\WINDOWS\System32\VBSKPRO2.OCX
[2008-12-17 15:17:12 | 00,245,248 | ---- | C] (Tools & Components) -- C:\WINDOWS\System32\SEVXPCTL.OCX
[2008-12-17 15:17:12 | 00,145,920 | ---- | C] (Tools & Components) -- C:\WINDOWS\System32\SEVCMD3.OCX
[2008-12-16 20:43:16 | 00,000,210 | -HS- | C] () -- C:\BOOT.BKK
[2008-12-14 18:51:49 | 00,000,784 | ---- | C] () -- C:\Documents and Settings\Devansh\Application Data\mpauth.dat
[2008-12-13 14:32:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Devansh\Local Settings\Application Data\Sample_SAT_Essays
[2008-12-13 14:26:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Devansh\Local Settings\Application Data\Conduit
========== Files - Modified Within 30 Days ==========
[22 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009-01-08 14:50:11 | 00,348,160 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Devansh\Desktop\OTMoveIt3.exe
[2009-01-08 14:39:45 | 01,450,211 | ---- | M] (ShareStar, Inc. ) -- C:\Documents and Settings\Devansh\Desktop\NewSpy.exe
[2009-01-07 12:19:51 | 00,581,861 | ---- | M] () -- C:\Documents and Settings\Devansh\Desktop\MouseTrap Car Design.skp
[2009-01-07 11:23:35 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009-01-07 11:20:40 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-01-07 11:20:39 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2009-01-07 11:20:24 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-01-07 11:20:20 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-01-07 11:20:15 | 10,056,37632 | -HS- | M] () -- C:\hiberfil.sys
[2009-01-05 15:46:51 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\Devansh\Desktop\iTunes.lnk
[2009-01-05 15:40:10 | 00,000,000 | ---- | M] () -- C:\WINDOWS\gmer.reg
[2009-01-05 15:40:06 | 00,000,000 | ---- | M] () -- C:\WINDOWS\gmer.bat
[2009-01-05 15:13:59 | 00,000,250 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2009-01-05 14:42:10 | 00,565,311 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2009-01-05 14:42:10 | 00,068,961 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2009-01-05 14:42:10 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2009-01-05 14:37:12 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Devansh\Desktop\OTViewIt.exe
[2009-01-04 18:54:40 | 00,152,515 | ---- | M] () -- C:\Documents and Settings\Devansh\Desktop\SAT Writing Section!.docx
[2009-01-04 16:11:50 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009-01-04 16:11:19 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009-01-04 16:08:57 | 00,053,248 | ---- | M] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2009-01-04 16:04:52 | 00,000,291 | RHS- | M] () -- C:\boot.ini
[2009-01-04 11:12:14 | 01,307,356 | -HS- | M] () -- C:\WINDOWS\System32\smsmuorw.ini
[2009-01-03 23:09:48 | 02,108,912 | -H-- | M] () -- C:\Documents and Settings\Devansh\Local Settings\Application Data\IconCache.db
[2009-01-03 20:41:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009-01-03 18:14:50 | 04,291,481 | ---- | M] () -- C:\Documents and Settings\Devansh\Desktop\rabnebanadijodi02(www.songs.pk).mp3
[2009-01-03 13:41:33 | 17,842,981 | ---- | M] () -- C:\Documents and Settings\Devansh\Desktop\The Final Shiva Arth..mp3
[2009-01-02 15:50:39 | 00,163,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\vidstub.sys
[2009-01-02 15:50:02 | 00,000,024 | ---- | M] () -- C:\WINDOWS\LogonStudio.ini
[2009-01-02 10:44:13 | 00,065,536 | ---- | M] () -- C:\WINDOWS\IFinst27.exe
[2009-01-02 09:23:42 | 00,000,801 | ---- | M] () -- C:\Documents and Settings\Devansh\Desktop\ObjectDock.lnk
[2009-01-02 08:50:47 | 00,000,221 | ---- | M] () -- C:\Boot.bak
[2009-01-02 08:43:18 | 00,000,045 | ---- | M] () -- C:\TEST.XML
[2008-12-26 13:13:13 | 00,002,560 | ---- | M] () -- C:\WINDOWS\_MSRSTRT.EXE
[2008-12-20 14:43:27 | 00,000,143 | ---- | M] () -- C:\WINDOWS\WB.ini
[2008-12-20 13:44:27 | 00,045,056 | ---- | M] (Stardust Software) -- C:\WINDOWS\System32\sstunst3.exe
[2008-12-20 13:44:24 | 01,061,188 | ---- | M] () -- C:\WINDOWS\System32\ah.mx1
[2008-12-20 13:44:24 | 00,564,736 | ---- | M] (Stardust Software) -- C:\WINDOWS\System32\ah.scr
[2008-12-20 13:44:24 | 00,020,610 | ---- | M] () -- C:\WINDOWS\System32\ah.ibx
[2008-12-17 16:11:40 | 00,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\TCPIP.SYS.ORIGINAL
[2008-12-17 16:11:40 | 00,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\TCPIP.SYS
[2008-12-17 16:11:40 | 00,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\TCPIP.SYS
[2008-12-17 15:17:16 | 00,412,672 | ---- | M] (JB) -- C:\WINDOWS\System32\VBSKPRO2.OCX
[2008-12-17 15:17:12 | 00,245,248 | ---- | M] (Tools & Components) -- C:\WINDOWS\System32\SEVXPCTL.OCX
[2008-12-17 15:17:12 | 00,145,920 | ---- | M] (Tools & Components) -- C:\WINDOWS\System32\SEVCMD3.OCX
[2008-12-14 18:51:49 | 00,000,784 | ---- | M] () -- C:\Documents and Settings\Devansh\Application Data\mpauth.dat
[2008-12-14 13:59:11 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008-12-12 15:37:32 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2008-12-12 15:37:32 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2008-12-12 12:01:00 | 03,067,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2008-12-12 12:01:00 | 03,067,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2008-12-11 15:40:17 | 00,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2008-12-09 18:24:37 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
< End of report >
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2769040C-B5E5-446F-95D1-CCCE449BF08D}\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{affa8b5f-909b-492b-952a-bc1b2ac37395} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{affa8b5f-909b-492b-952a-bc1b2ac37395}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{AFFA8B5F-909B-492B-952A-BC1B2AC37395} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFFA8B5F-909B-492B-952A-BC1B2AC37395}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_USERS\S-1-5-21-248443124-3853638973-3280566910-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\ not found.
Registry value HKEY_USERS\S-1-5-21-248443124-3853638973-3280566910-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{AFFA8B5F-909B-492B-952A-BC1B2AC37395} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFFA8B5F-909B-492B-952A-BC1B2AC37395}\ not found.
Registry value HKEY_USERS\S-1-5-21-248443124-3853638973-3280566910-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\cfgcomadm deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\CryptLoad deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ProxyWay deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\YBlEiyprNI deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\"UIHost"|"C:\WINDOWS\system32\logonui.exe" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnkkliH\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\StrUtil deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61ca4e41-9d88-11dd-a135-00904b4167db}\\ deleted successfully.
HKEY_CLASSES_ROOT\.scr\\@|"scrfiles" /E : value set successfully!
HKEY_CLASSES_ROOT\scrfiles\shell\\@|"Open" /E : value set successfully!
HKEY_CLASSES_ROOT\scrfiles\shell\&open\command\\@|"\"%1\" %*" /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-248443124-3853638973-3280566910-1008\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4AAF8D7F-BF0D-7FEC-2B70-27A003C489A7}\\ not found.
========== FILES ==========
File/Folder C:\WINDOWS\system32\jkkLDTmM.dll not found.
File/Folder C:\WINDOWS\system32\nevyrqly.exe not found.
C:\WINDOWS\System32\CF23831.exe moved successfully.
C:\start moved successfully.
C:\WINDOWS\tasks\lunywxgs.job moved successfully.
C:\WINDOWS\System32\bxubvkzk.exe moved successfully.
File/Folder C:\Program Files\dhahmac not found.
Folder C:\Documents and Settings\Devansh\Desktop\CryptLoad_RS_MUDownloader_v1.04_ByMechodownload not found.
File/Folder C:\Program Files\ProxyWay not found.
C:\Documents and Settings\All Users\Application Data\xwzsbyts moved successfully.
C:\WINDOWS\system32\logonuiX.exe moved successfully.
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01082009_145054
OTViewIt Extras
OTViewIt Extras logfile created on: 2009-01-08 2:52:54 PM - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Devansh\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd
958.98 Mb Total Physical Memory | 443.29 Mb Available Physical Memory | 46.22% Memory free
1.51 Gb Paging File | 1.08 Gb Available in Paging File | 71.05% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.30 Gb Total Space | 8.42 Gb Free Space | 28.74% Space Free | Partition Type: NTFS
Drive D: | 26.58 Gb Total Space | 25.01 Gb Free Space | 94.11% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: STUDYTIME
Current User Name: Devansh
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
"Use My Stylesheet"=
"User Stylesheet"=
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.scr [@ = Reg Error: Value does not exist or could not be read.] -- Reg Error: Key does not exist or could not be opened. File not found
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008-04-13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\GlobalSCAPE\CuteFTP Pro\TE\ftpte.exe:*:Enabled:FTP Transfer Engine
File not found -- C:\Program Files\SecureCRT\SecureCRT.EXE:*:Enabled:SecureCRT Application
File not found -- C:\Program Files\StarNet\X-Win32\xwin32.exe:*:Enabled:X-Win32 X-Server
[2008-04-13 19:12:15 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\NetMeeting\conf.exe:*:Disabled:Windows® NetMeeting®
[2008-04-13 19:12:20 | 00,042,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program
File not found -- C:\Program Files\Altova\xmlspy\XMLSPY.exe:*:Enabled:XMLSPY
File not found -- C:\Program Files\Altova\xmlspy\StylesheetDesigner.exe:*:Enabled:Stylesheet Designer
[2008-04-13 19:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer
File not found -- C:\Program Files\CentraOne\bin\launcher.exe:*:Enabled:CentraOne Launcher
File not found -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
File not found -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[2008-04-13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008-04-13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\SecureCRT\SecureCRT.EXE:*:Enabled:SecureCRT Application
[2008-04-13 19:12:15 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®
File not found -- C:\Program Files\Altova\xmlspy\XMLSPY.exe:*:Enabled:XMLSPY
File not found -- C:\Program Files\GlobalSCAPE\CuteFTP Pro\TE\ftpte.exe:*:Enabled:FTP Transfer Engine
[2008-04-13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
File not found -- C:\Program Files\CounterPath\X-Lite\x-lite.exe:*:Enabled:X-Lite
File not found -- C:\Program Files\CounterPath\eyeBeam 1.5\eyeBeam.exe:*:Enabled:eyeBeam
[2006-10-18 20:46:20 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player
[2008-10-16 14:05:13 | 00,514,560 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe
[2008-02-29 08:27:53 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe
[2008-10-16 14:05:10 | 00,590,848 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe
[2008-12-17 20:01:53 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
File not found -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
File not found -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
File not found -- C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client
File not found -- C:\Program Files\ProxyWay\proxyway.exe:*:Enabled:ProxyWay Extra
[2007-09-18 14:11:20 | 01,422,592 | ---- | M] (Sony Creative Software Inc.) -- C:\Program Files\Sony\Media Manager for PSP 2.5\MediaManager.exe:*:Enabled:Media Manager for PSP 2.5
File not found -- C:\Program Files\Xi\NetXfer\NetTransport.exe:*:Enabled:NetXfer Download Manager
File not found -- C:\Documents and Settings\Devansh\Desktop\CryptLoad_RS_MUDownloader_v1.04_ByMechodownload\CryptLoad RS&MUDownloader v1.04_ByMechodownload\CryptLoad_1.0.4\RouterClient.exe:*:Enabled:RouterClient
File not found -- C:\Program Files\CSS & HL2 - Final Pack\hl2.exe:*:Enabled:hl2
[2008-04-13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\srcds\srcds.exe:*:Enabled:srcds
File not found -- C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC
[2007-12-03 19:28:42 | 00,254,976 | ---- | M] (Azureus Inc) -- C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus
File not found -- C:\Program Files\SmsDiscount.com\SmsDiscount\SmsDiscount.exe:*:Enabled:SmsDiscount
[2008-05-21 04:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[2008-11-05 16:34:16 | 00,318,976 | ---- | M] (Octoshape ApS) -- C:\Documents and Settings\Devansh\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player
[2008-11-20 13:20:48 | 14,294,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
File not found -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2008-06-10 00:21:01 | 00,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\java.exe:*:Enabled:Java Platform SE binary
[2008-06-10 00:21:04 | 00,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\javaw.exe:*:Enabled:Java Platform SE binary
========== (O18) Protocol Handlers ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2007-08-28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
msdaipp: [HKLM - No CLSID value]
[2007-08-28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2007-08-28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2006-10-26 13:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])
[2007-05-10 12:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])
========== (O18) Protocol Filters ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006-10-26 21:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00CD55D6-EE5A-4570-9875-8A306628C032}"=Cisco Systems VPN Client 4.7.00.0533
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}"=ATI Control Panel
"{0D6AACB5-9663-472D-8D29-1DC8F4D3E6FF}"=Sony Media Manager for PSP 2.5
"{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}"=HpSdpAppCoreApp
"{318AB667-3230-41B5-A617-CB3BF748D371}"=iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150160}"=J2SE Runtime Environment 5.0 Update 16
"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0150160}"=J2SE Development Kit 5.0 Update 16
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{46DDF76F-ACD4-42BC-B48F-B89C4EE2E1A9}"=Easy CD & DVD Creator 6
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}"=Microsoft SQL Server Setup Support Files (English)
"{671CB656-DCED-4C30-90AD-CA75CB5C7BAA}"=Windows Live Local Add-in for Microsoft Office Outlook
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{7148F0A8-6813-11D6-A77B-00B0D0142000}"=Java 2 Runtime Environment, SE v1.4.2
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}"=Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}"=Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{903A0409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Project Standard 2003
"{90510409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Visio Professional 2003
"{91120000-0014-0000-0000-0000000FF1CE}"=Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{924EB80F-C2BB-4B9F-8412-88BBA937393F}"=MobileMe Control Panel
"{98E8A2EF-4EAE-43B8-A172-74842B764777}"=InterVideo WinDVD
"{A06275F4-324B-4E85-95E6-87B2CD729401}"=Windows Defender
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}"=MSXML 6.0 Parser
"{A8B94669-8654-4126-BD28-D0D2412CDED6}"=TI Connect 1.6
"{A8F2DCDE-AE4E-4AC9-BECD-496FB80FBF6A}"=Notebook Utilities
"{AC76BA86-7AD7-1033-7B44-A71000000002}"=Adobe Reader 7.1.0
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{BEF106F8-2689-4530-925A-E1117836E8CD}"=Google SketchUp 7
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}"=HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}"=Microsoft SQL Server VSS Writer
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}"=Apple Mobile Device Support
"{F07AE5AB-516C-4CEB-A0AA-AD083B9182C6}"=TI NoteFolio Creator
"{F958CA02-BB40-4007-894B-258729456EE4}"=QuickTime
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}"=Microsoft SQL Server Native Client
"Adobe Acrobat 5.0"=Adobe Acrobat 5.0
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Shockwave Player"=Adobe Shockwave Player 11
"ah"=ah Screen Saver
"ATI Display Driver"=ATI Display Driver
"Autodesk WHIP!"=Autodesk WHIP! (Release 4.0-102)
"AVG7Uninstall"=AVG 7.5
"BootSkin"=BootSkin
"Broadcom 802.11 Application"=Broadcom 802.11 Control Panel
"Broadcom 802.11b Network Adapter"=Broadcom 802.11 Driver
"Channel Master"=Channel Master
"CNXT_MODEM_PCI_VEN_10B9&DEV_5457&SUBSYS_0850103C"=Conexant 56K ACLink Modem
"Compare It!_is1"=Compare It! 3.1
"Conexant PCI Audio"=Conexant AC-Link Audio
"Free Video to iPod Converter_is1"=Free Video to iPod Converter version 3.1
"Graph paper printer"=Graph paper printer
"HijackThis"=HijackThis 2.0.2
"IconPackager"=IconPackager
"IE4Dev"=Microsoft Script Debugger
"LogonStudio"=LogonStudio
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.5)"=Mozilla Firefox (3.0.5)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"ObjectDock"=ObjectDock
"PROR"=Microsoft Office Professional 2007
"QT4HPOT"=One-Touch Buttons
"RealPlayer 6.0"=RealPlayer
"Shock Aero 3D v0.97"=Shock Aero 3D v0.97
"ST6UNST #1"=C-Force
"SynTPDeinstKey"=Synaptics Pointing Device Driver
"The Journal 4_is1"=The Journal 4
"Trillian"=Trillian
"UnityWebPlayer"=Unity Web Player
"VSHD Edit_is1"=VSHD Edit 1.7
"VSHD Loader_is1"=VSHD Loader 1.1
"Vuze"=Vuze
"WIC"=Windows Imaging Component
"WindowBlinds"=WindowBlinds
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinFlip 0.50"=WinFlip 0.50
"WinRAR archiver"=WinRAR archiver
"winscp3_is1"=WinSCP 4.1.6
"WinZip"=WinZip
"WMCSetup"=Windows Media Connect
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"WZCLINE"=WinZip Command Line Support Add-On 2.0
"XP All-In-One Styler_is1"=XP All-In-One Styler 2.0.1
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player"=Octoshape add-in for Adobe Flash Player
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 2008-12-31 11:22:53 AM | Computer Name = STUDYTIME | Source = WLTRYSVC | ID = 2
Description = SetServiceStatus() failed
Error - 2009-01-03 3:23:11 PM | Computer Name = STUDYTIME | Source = Application Error | ID = 1000
Description = Faulting application iconexplorer.exe, version 3.1.0.0, faulting module
iconexplorer.exe, version 3.1.0.0, fault address 0x000085b3.
Error - 2009-01-03 4:16:09 PM | Computer Name = STUDYTIME | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 windefend, P2 1.1.4205.0, P3 unspecified, P4
1.49.1289.0, P5 trojan_win32_vundo.gen!c, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.
Error - 2009-01-03 4:22:48 PM | Computer Name = STUDYTIME | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 2009-01-04 12:09:51 AM | Computer Name = STUDYTIME | Source = WLTRYSVC | ID = 2
Description = SetServiceStatus() failed
Error - 2009-01-04 12:19:28 PM | Computer Name = STUDYTIME | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 windefend, P2 1.1.4205.0, P3 unspecified, P4
1.49.1289.0, P5 trojan_win32_vundo.gen!y, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.
Error - 2009-01-04 12:20:38 PM | Computer Name = STUDYTIME | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 windefend, P2 1.1.4205.0, P3 unspecified, P4
1.49.1289.0, P5 trojan_win32_vundo.gen!y, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.
Error - 2009-01-04 12:26:08 PM | Computer Name = STUDYTIME | Source = WLTRYSVC | ID = 2
Description = SetServiceStatus() failed
Error - 2009-01-04 5:25:12 PM | Computer Name = STUDYTIME | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: STUDYTIME\Devansh Checkpoint ID: 1 Error Code: 0x80070005 Error
description: Access is denied.
Error - 2009-01-04 5:25:12 PM | Computer Name = STUDYTIME | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: STUDYTIME\Devansh Checkpoint ID: 1 Error Code: 0x8000ffff Error
description: Catastrophic failure
[ System Events ]
Error - 2009-01-05 3:34:03 PM | Computer Name = STUDYTIME | Source = Service Control Manager | ID = 7034
Description = The SQL Server VSS Writer service terminated unexpectedly. It has
done this 1 time(s).
Error - 2009-01-06 6:40:29 PM | Computer Name = STUDYTIME | Source = Service Control Manager | ID = 7022
Description = The SQL Server VSS Writer service hung on starting.
Error - 2009-01-06 6:40:29 PM | Computer Name = STUDYTIME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde PCIIde ViaIde
Error - 2009-01-06 6:40:30 PM | Computer Name = STUDYTIME | Source = Service Control Manager | ID = 7034
Description = The SQL Server VSS Writer service terminated unexpectedly. It has
done this 1 time(s).
Error - 2009-01-07 6:37:06 AM | Computer Name = STUDYTIME | Source = Service Control Manager | ID = 7022
Description = The SQL Server VSS Writer service hung on starting.
Error - 2009-01-07 6:37:06 AM | Computer Name = STUDYTIME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde PCIIde ViaIde
Error - 2009-01-07 6:37:06 AM | Computer Name = STUDYTIME | Source = Service Control Manager | ID = 7034
Description = The SQL Server VSS Writer service terminated unexpectedly. It has
done this 1 time(s).
Error - 2009-01-07 12:22:06 PM | Computer Name = STUDYTIME | Source = Service Control Manager | ID = 7022
Description = The SQL Server VSS Writer service hung on starting.
Error - 2009-01-07 12:22:06 PM | Computer Name = STUDYTIME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde PCIIde ViaIde
Error - 2009-01-07 12:22:06 PM | Computer Name = STUDYTIME | Source = Service Control Manager | ID = 7034
Description = The SQL Server VSS Writer service terminated unexpectedly. It has
done this 1 time(s).
< End of report >
OTViewIt Log
OTViewIt logfile created on: 2009-01-08 2:52:54 PM - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Devansh\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd
958.98 Mb Total Physical Memory | 443.29 Mb Available Physical Memory | 46.22% Memory free
1.51 Gb Paging File | 1.08 Gb Available in Paging File | 71.05% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.30 Gb Total Space | 8.42 Gb Free Space | 28.74% Space Free | Partition Type: NTFS
Drive D: | 26.58 Gb Total Space | 25.01 Gb Free Space | 94.11% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: STUDYTIME
Current User Name: Devansh
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
========== Processes ==========
[2006-11-03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
[2008-11-07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008-02-29 08:27:53 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe
[2008-02-29 08:28:16 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgupsvc.exe
[2005-08-12 16:37:50 | 01,504,256 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
[2002-08-15 13:11:00 | 00,151,552 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPConfig.exe
[2003-01-14 17:12:14 | 00,053,248 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
[2004-01-13 08:51:10 | 00,045,056 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
[2001-05-01 20:06:22 | 00,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe
[2006-10-18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
[2002-08-14 20:29:38 | 00,290,816 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[2003-03-13 10:14:42 | 00,102,400 | ---- | M] (Dritek System Inc.) -- C:\Program Files\HPQ\One-Touch\ONETOUCH.EXE
[2005-02-02 19:12:24 | 00,102,492 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[2005-02-02 19:11:14 | 00,692,316 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[2003-05-21 15:35:50 | 00,004,608 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\carpserv.exe
[2008-10-16 14:05:10 | 00,590,848 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgcc.exe
[2008-06-10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2006-10-18 19:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
[2004-01-13 08:51:08 | 00,499,712 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\BCMWLTRY.EXE
[2008-04-13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008-01-28 19:39:59 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2008-12-17 20:01:53 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2008-10-16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2009-01-08 14:50:11 | 00,348,160 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Devansh\Desktop\OTMoveIt3.exe
[2009-01-05 14:37:12 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Devansh\Desktop\OTViewIt.exe
========== (O23) Win32 Services ==========
[2008-11-07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007-10-24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008-02-29 08:27:53 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe -- (Avg7Alrt [Auto | Running])
[2008-02-29 08:28:16 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgupsvc.exe -- (Avg7UpdSvc [Auto | Running])
[2007-10-24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2005-08-12 16:37:50 | 01,504,256 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND [Auto | Running])
[2002-08-15 13:11:00 | 00,151,552 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPConfig.exe -- (HPConfig [Auto | Running])
[2003-01-14 17:12:14 | 00,053,248 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe -- (HPWirelessMgr [Auto | Running])
[2005-04-03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008-11-20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
File not found -- -- (MSSQLServerADHelper [On_Demand | Stopped])
[2007-08-24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006-10-26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007-02-10 05:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Stopped])
[2006-11-03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
[2004-01-13 08:51:10 | 00,045,056 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE -- (WLTRYSVC [Auto | Running])
[2001-05-01 20:06:22 | 00,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])
[2006-10-18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])
========== Driver Services ==========
[2001-08-17 16:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Boot | Running])
[2003-07-10 06:16:46 | 00,026,112 | R--- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliirda.sys -- (ALiIRDA [On_Demand | Running])
[2005-11-21 00:48:20 | 00,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32 [Auto | Running])
[2004-05-15 18:29:12 | 00,701,952 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2008-02-29 08:28:20 | 00,821,856 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avg7core.sys -- (Avg7Core [System | Running])
[2008-02-29 08:28:25 | 00,004,224 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avg7rsw.sys -- (Avg7RsW [System | Running])
[2008-02-29 08:28:26 | 00,027,776 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avg7rsxp.sys -- (Avg7RsXP [System | Running])
[2008-02-29 08:29:50 | 00,010,760 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avgclean.sys -- (AvgClean [System | Running])
[2006-10-12 23:26:56 | 00,604,928 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX [On_Demand | Running])
[2009-01-02 15:50:39 | 00,163,456 | ---- | M] () -- C:\WINDOWS\system32\drivers\vidstub.sys -- (BootScreen [Boot | Running])
[2002-07-18 08:07:50 | 00,023,602 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atisgkaf.SYS -- (caboagp [Boot | Running])
[2004-02-17 17:58:40 | 00,292,352 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\system32\drivers\caliaud.sys -- (CALIAUD [On_Demand | Running])
[2004-02-17 17:59:18 | 00,273,536 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\system32\drivers\calihal.sys -- (CALIHALA [On_Demand | Running])
[2008-01-04 16:58:46 | 00,009,336 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
[2008-01-04 16:58:46 | 00,009,464 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
[2003-01-01 07:34:42 | 00,259,456 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp [System | Running])
[2001-08-17 02:13:20 | 00,027,164 | ---- | M] (Xircom, Inc.) -- C:\WINDOWS\system32\drivers\CE3N5.SYS -- (CE3 [On_Demand | Stopped])
[2005-05-17 03:51:34 | 00,005,315 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA [On_Demand | Stopped])
[2005-08-12 16:35:56 | 00,305,739 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA [On_Demand | Running])
[2002-10-16 07:15:54 | 00,014,543 | ---- | M] (Dritek System Inc.) -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr [On_Demand | Running])
[2004-11-03 11:07:24 | 00,146,888 | ---- | M] (Deterministic Networks, Inc.) -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE [On_Demand | Running])
[2008-04-13 13:39:46 | 00,206,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dot4.sys -- (Dot4 [On_Demand | Stopped])
[2001-08-17 12:47:32 | 00,012,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\Dot4Prt.sys -- (Dot4Print [On_Demand | Stopped])
[2003-07-16 20:01:02 | 00,028,280 | ---- | M] (National Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\DP83815.sys -- (DP83815 [On_Demand | Stopped])
[2003-07-18 20:25:16 | 00,021,993 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K [On_Demand | Stopped])
[2008-04-17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2009-01-05 14:42:10 | 00,068,961 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [On_Demand | Stopped])
[2002-07-17 15:09:12 | 00,014,504 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\drivers\hpci.sys -- (HPCI [On_Demand | Running])
[2004-12-15 13:18:28 | 00,205,696 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWALI.sys -- (HSFHWALI [On_Demand | Running])
[2003-05-21 15:31:22 | 01,063,040 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP [On_Demand | Stopped])
[2004-12-15 14:19:08 | 01,038,208 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
[2008-04-13 13:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2006-09-18 17:38:26 | 00,015,584 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X [Auto | Running])
[2006-06-19 13:26:58 | 00,012,672 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2003-07-18 20:25:14 | 00,022,745 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K [On_Demand | Running])
[2001-08-17 16:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
[2008-04-13 13:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm [On_Demand | Stopped])
[2003-03-30 21:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2003-07-18 20:25:10 | 00,118,409 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k [System | Running])
[2008-01-04 16:58:46 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2007-01-18 10:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort [On_Demand | Stopped])
[2003-03-30 21:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM [On_Demand | Stopped])
[2008-04-13 13:40:48 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sbp2port.sys -- (sbp2port [Boot | Stopped])
[2007-11-13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2001-08-17 02:10:28 | 00,035,913 | ---- | M] (SMC) -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA [On_Demand | Stopped])
[2003-05-21 15:35:56 | 00,030,592 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\strmdisp.sys -- (StreamDispatcher [Auto | Running])
[2005-02-02 18:59:00 | 00,191,456 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2004-02-04 10:27:56 | 00,049,536 | ---- | M] (Texas Instruments Incorporated) -- C:\WINDOWS\system32\drivers\tiehdusb.sys -- (TIEHDUSB [On_Demand | Stopped])
[2003-07-18 20:22:06 | 00,213,120 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\UdfReadr_xp.sys -- (UdfReadr_xp [System | Running])
[2008-10-01 13:01:28 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2005-01-26 04:22:20 | 00,280,344 | ---- | M] (Zone Labs LLC) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [On_Demand | Stopped])
[2004-12-15 14:18:28 | 00,703,232 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2008-04-13 13:36:38 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi [System | Stopped])
========== (R ) Internet Explorer ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://us8l.hpwis.com/
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
"provider"=
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{affa8b5f-909b-492b-952a-bc1b2ac37395}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
========== (O1) Hosts File ==========
HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
========== (O2) BHO's ==========
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
========== (O3) Toolbars ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{D0943516-5076-4020-A3B5-AEFAF26AB263}" (HKLM) -- C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll File not found
========== (O4) Run Keys ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP (GRISOFT, s.r.o.)
"CARPService"=carpserv.exe (Conexant Systems, Inc.)
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe ()
"Display Settings"=C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s (Hewlett-Packard)
"LanTalk.NET"=C:\Program Files\CEZEO software\LanTalk NET\LanTalk.exe File not found
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript File not found
"QT4HPOT"=C:\Program Files\HPQ\One-Touch\OneTouch.EXE (Dritek System Inc.)
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" (Roxio)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
"TV Now"=C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK ()
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" File not found
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\Documents and Settings\Devansh\Desktop\BlackBerry_JDE_Components_4.5.0.exe"=C:\Documents and Settings\Devansh\Desktop\BlackBerry_JDE_Components_4.5.0.exe File not found
"SmsDiscount"="C:\Program Files\SmsDiscount.com\SmsDiscount\SmsDiscount.exe" -nosplash -minimized File not found
"Uniblue RegistryBooster 2"=C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S File not found
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
========== (O4) Startup Folders ==========
[2008-04-23 02:38:16 | 00,029,696 | -H-- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2008-05-15 09:54:00 | 00,006,144 | R--- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{00CD55D6-EE5A-4570-9875-8A306628C032}\Icon3E5562ED7.ico
========== (O6 & O7) Current Version Policies ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"AllowLegacyWebView"=1
"AllowUnhashedWebView"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0
========== (O8) IE Context Menu Extensions ==========
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008-12-12 15:30:30 | 17,858,560 | ---- | M] (Microsoft Corporation)
========== (O9) IE Extensions ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008-06-10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{5BB29DC6-4046-4aa1-B590-C29372456BA0}: Button: SiteCatalyst ClickMap -- %SystemRoot%\Downloaded Program Files\ClickMap.dll File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006-10-26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008-04-13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008-04-13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008-04-13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003-02-28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{5BB29DC6-4046-4aa1-B590-C29372456BA0} [HKLM] -> %SystemRoot%\Downloaded Program Files\ClickMap.dll [SiteCatalyst ClickMap] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006-10-26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008-04-13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
========== (O12) Internet Explorer Plugins ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.micro...d...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery
========== (O13) Default Prefixes ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://
========== (O15) Trusted Sites ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
33 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
32 domain(s) and sub-domain(s) not assigned to a zone.
========== (O16) DPF ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macr...director/sw.cab -- Shockwave ActiveX Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft....k/?linkid=39204 -- Windows Genuine Advantage Validation Tool
{33564D57-0000-0010-8000-00AA00389B71}: http://download.micr...922/wmv9VCM.CAB -- Reg Error: Key does not exist or could not be opened.
{35C3D91E-401A-4E45-88A5-F3B32CD72DF4}: https://udit.taxcut....html/AtxEnc.cab -- Encrypt Class
{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}: http://www.fileplane...C_2.3.7.109.cab -- Reg Error: Key does not exist or could not be opened.
{483EB14D-AF1C-4951-81B0-4E2B41829FF6}: https://www.select2p...bs/QOLCheck.ocx -- QOLCheck Control
{48DD0448-9209-4F81-9F6D-D83562940134}: http://lads.myspace....ploader1006.cab -- MySpace Uploader Control
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}: http://gfx2.hotmail....es/MSNPUpld.cab -- MSN Photo Upload Tool
{55E515F7-0FA2-4610-874E-028107E766A3}: http://titan.kc.hrbl...webeditpro3.cab -- eWebEditProLibCtl3.eWebEditPro
{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0}: http://upload.facebo...toUploader3.cab -- Facebook Photo Uploader 4 Control
{644E432F-49D3-41A1-8DD5-E099162EEEC5}: http://security.syma...n/bin/cabsa.cab -- Symantec RuFSI Utility Class
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}: http://go.divx.com/p...owserPlugin.cab -- DivXBrowserPlugin Object
{6B75345B-AA36-438A-BBE6-4078B4C6984D}: http://h20270.www2.h...ctDetection.cab -- HpProductDetection Class
{8990AFAD-D352-42AC-A72F-A660BBF6E209}: https://udit.taxcut..../AtxConsole.cab -- OfficeScan Management Console
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_07
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.ma...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{B24F0664-7DDA-40B6-B38C-A4FD68DE8685}: http://192.223.249.9...aDownloader.cab -- CentraDownloaderCtl Class
{C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3}: http://a532.g.akamai...0/installer.exe -- Virtools WebPlayer Class
{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.4.2
{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.5.0_16
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_01
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macr...ash/swflash.cab -- Shockwave Flash Object
bandInstaller: https://sc.omniture....apInstaller.CAB -- Reg Error: Key does not exist or could not be opened.
Microsoft XML Parser for Java: -- Reg Error: Key does not exist or could not be opened.
vzTCPConfig: http://www2.verizon....vzTCPConfig.CAB -- Reg Error: Key does not exist or could not be opened.
========== (O17) DNS Name Servers ==========
{06BCDCB9-ECDD-468D-9D11-19E80EA5653B} (Servers: | Description: Broadcom 802.11b/g WLAN)
{39F39582-3B9F-43F8-B1C4-25D21A74AA9F} (Servers: | Description: )
{55F9EAFB-63EB-4971-8664-8931D1DEDA18} (Servers: | Description: 1394 Net Adapter)
{86B46416-83EB-4CEA-960A-BBAE31F59CE0} (Servers: | Description: National Semiconductor Corp. DP83815/816 10/100 MacPhyter PCI Adapter)
{FE8E1F4B-8194-4DE4-914A-A73540DFFE00} (Servers: | Description: 1394 Net Adapter)
========== (O19) User Style Sheets ==========
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles]
========== (O20) Winlogon Notify Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
WBSrv: "DllName" = C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll -- C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll (Stardock)
========== Shell Execute Hooks ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" (HKLM) -- C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
========== Safeboot Options ==========
"AlternateShell"=cmd.exe
========== CDRom AutoRun Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1
========== MountPoints2 ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##IBM_A31#D\Shell]
""=AutoRun
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##IBM_A31#D\Shell\AutoRun]
""=Auto&Play
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##IBM_A31#D\Shell\AutoRun\command]
""=Z:\Student_One_Stop.exe -- File not found
========== Files/Folders - Created Within 30 Days ==========
[2 C:\WINDOWS\*.tmp files]
[2009-01-08 14:50:54 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2009-01-08 14:50:05 | 00,348,160 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Devansh\Desktop\OTMoveIt3.exe
[2009-01-08 14:39:33 | 01,450,211 | ---- | C] (ShareStar, Inc. ) -- C:\Documents and Settings\Devansh\Desktop\NewSpy.exe
[2009-01-06 21:32:07 | 00,581,861 | ---- | C] () -- C:\Documents and Settings\Devansh\Desktop\MouseTrap Car Design.skp
[2009-01-05 15:40:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\gmer.reg
[2009-01-05 15:40:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\gmer.bat
[2009-01-05 14:42:10 | 00,573,440 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2009-01-05 14:42:10 | 00,565,311 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2009-01-05 14:42:10 | 00,068,961 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2009-01-05 14:42:10 | 00,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2009-01-05 14:42:10 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2009-01-05 14:37:05 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Devansh\Desktop\OTViewIt.exe
[2009-01-04 18:54:38 | 00,152,515 | ---- | C] () -- C:\Documents and Settings\Devansh\Desktop\SAT Writing Section!.docx
[2009-01-04 18:45:19 | 00,347,488 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Devansh\Desktop\WINWORD.EXE
[2009-01-04 16:24:14 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009-01-04 16:08:57 | 00,053,248 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2009-01-04 16:08:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009-01-04 16:04:51 | 00,000,221 | ---- | C] () -- C:\Boot.bak
[2009-01-04 16:04:48 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009-01-04 16:04:38 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009-01-04 16:02:32 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009-01-04 16:02:32 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009-01-04 16:02:32 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009-01-04 16:02:32 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009-01-04 16:02:32 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009-01-04 16:02:32 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009-01-04 16:02:32 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009-01-04 16:02:32 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009-01-04 16:02:32 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009-01-04 11:37:16 | 10,056,37632 | -HS- | C] () -- C:\hiberfil.sys
[2009-01-04 11:12:05 | 01,307,356 | -HS- | C] () -- C:\WINDOWS\System32\smsmuorw.ini
[2009-01-03 23:09:48 | 02,108,912 | -H-- | C] () -- C:\Documents and Settings\Devansh\Local Settings\Application Data\IconCache.db
[2009-01-03 18:14:39 | 04,291,481 | ---- | C] () -- C:\Documents and Settings\Devansh\Desktop\rabnebanadijodi02(www.songs.pk).mp3
[2009-01-03 18:06:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Devansh\Desktop\All Hindi
[2009-01-03 18:06:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Devansh\Desktop\All Techno
[2009-01-03 18:05:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Devansh\Desktop\All Rap Hip-Hop
[2009-01-03 18:05:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Devansh\Desktop\Desktop
[2009-01-03 13:39:51 | 17,842,981 | ---- | C] () -- C:\Documents and Settings\Devansh\Desktop\The Final Shiva Arth..mp3
[2009-01-02 15:34:46 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\Devansh\Desktop\iTunes.lnk
[2009-01-02 15:34:37 | 01,181,696 | ---- | C] () -- C:\Documents and Settings\Devansh\Desktop\ShockAero3D.exe
[2009-01-02 11:43:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Devansh\Desktop\All Deleted Files
[2009-01-02 10:44:13 | 00,065,536 | ---- | C] () -- C:\WINDOWS\IFinst27.exe
[2009-01-02 10:33:56 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Devansh\My Documents\ObjectDock Library
[2009-01-02 10:33:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Devansh\Local Settings\Application Data\Stardock
[2009-01-02 09:23:42 | 00,000,801 | ---- | C] () -- C:\Documents and Settings\Devansh\Desktop\ObjectDock.lnk
[2009-01-02 09:23:04 | 00,000,000 | ---D | C] -- C:\Program Files\WinFlip
[2009-01-02 08:57:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Devansh\Local Settings\Application Data\TouchStoneSoftware
[2009-01-01 18:24:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Devansh\Desktop\All Documents and Folders
[2009-01-01 18:07:40 | 00,000,000 | ---D | C] -- C:\Program Files\Shock Utility
[2009-01-01 17:59:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Devansh\My Documents\My Widgets
[2008-12-27 13:55:32 | 00,163,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\vidstub.sys
[2008-12-26 19:15:32 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\uxtheme.backup
[2008-12-26 13:13:13 | 00,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2008-12-20 14:26:18 | 00,000,143 | ---- | C] () -- C:\WINDOWS\WB.ini
[2008-12-20 14:15:13 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\wbload.dll
[2008-12-20 13:52:14 | 00,000,024 | ---- | C] () -- C:\WINDOWS\LogonStudio.ini
[2008-12-20 13:44:27 | 00,045,056 | ---- | C] (Stardust Software) -- C:\WINDOWS\System32\sstunst3.exe
[2008-12-20 13:44:24 | 01,061,188 | ---- | C] () -- C:\WINDOWS\System32\ah.mx1
[2008-12-20 13:44:24 | 00,564,736 | ---- | C] (Stardust Software) -- C:\WINDOWS\System32\ah.scr
[2008-12-20 13:44:24 | 00,020,610 | ---- | C] () -- C:\WINDOWS\System32\ah.ibx
[2008-12-20 13:44:02 | 00,187,392 | ---- | C] () -- C:\WINDOWS\System32\JPGUtils.dll
[2008-12-20 13:43:59 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Stardock
[2008-12-20 13:43:58 | 00,000,000 | ---D | C] -- C:\Program Files\WinCustomize
[2008-12-20 13:41:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Devansh\Application Data\Unity
[2008-12-20 12:56:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Devansh\Local Settings\Application Data\Unity
[2008-12-20 12:56:13 | 00,000,000 | ---D | C] -- C:\Program Files\Unity
[2008-12-18 16:29:48 | 00,000,045 | ---- | C] () -- C:\TEST.XML
[2008-12-17 15:17:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\vbSkinner
[2008-12-17 15:17:16 | 00,412,672 | ---- | C] (JB) -- C:\WINDOWS\System32\VBSKPRO2.OCX
[2008-12-17 15:17:12 | 00,245,248 | ---- | C] (Tools & Components) -- C:\WINDOWS\System32\SEVXPCTL.OCX
[2008-12-17 15:17:12 | 00,145,920 | ---- | C] (Tools & Components) -- C:\WINDOWS\System32\SEVCMD3.OCX
[2008-12-16 20:43:16 | 00,000,210 | -HS- | C] () -- C:\BOOT.BKK
[2008-12-14 18:51:49 | 00,000,784 | ---- | C] () -- C:\Documents and Settings\Devansh\Application Data\mpauth.dat
[2008-12-13 14:32:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Devansh\Local Settings\Application Data\Sample_SAT_Essays
[2008-12-13 14:26:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Devansh\Local Settings\Application Data\Conduit
========== Files - Modified Within 30 Days ==========
[22 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009-01-08 14:50:11 | 00,348,160 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Devansh\Desktop\OTMoveIt3.exe
[2009-01-08 14:39:45 | 01,450,211 | ---- | M] (ShareStar, Inc. ) -- C:\Documents and Settings\Devansh\Desktop\NewSpy.exe
[2009-01-07 12:19:51 | 00,581,861 | ---- | M] () -- C:\Documents and Settings\Devansh\Desktop\MouseTrap Car Design.skp
[2009-01-07 11:23:35 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009-01-07 11:20:40 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-01-07 11:20:39 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2009-01-07 11:20:24 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-01-07 11:20:20 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-01-07 11:20:15 | 10,056,37632 | -HS- | M] () -- C:\hiberfil.sys
[2009-01-05 15:46:51 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\Devansh\Desktop\iTunes.lnk
[2009-01-05 15:40:10 | 00,000,000 | ---- | M] () -- C:\WINDOWS\gmer.reg
[2009-01-05 15:40:06 | 00,000,000 | ---- | M] () -- C:\WINDOWS\gmer.bat
[2009-01-05 15:13:59 | 00,000,250 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2009-01-05 14:42:10 | 00,565,311 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2009-01-05 14:42:10 | 00,068,961 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2009-01-05 14:42:10 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2009-01-05 14:37:12 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Devansh\Desktop\OTViewIt.exe
[2009-01-04 18:54:40 | 00,152,515 | ---- | M] () -- C:\Documents and Settings\Devansh\Desktop\SAT Writing Section!.docx
[2009-01-04 16:11:50 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009-01-04 16:11:19 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009-01-04 16:08:57 | 00,053,248 | ---- | M] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2009-01-04 16:04:52 | 00,000,291 | RHS- | M] () -- C:\boot.ini
[2009-01-04 11:12:14 | 01,307,356 | -HS- | M] () -- C:\WINDOWS\System32\smsmuorw.ini
[2009-01-03 23:09:48 | 02,108,912 | -H-- | M] () -- C:\Documents and Settings\Devansh\Local Settings\Application Data\IconCache.db
[2009-01-03 20:41:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009-01-03 18:14:50 | 04,291,481 | ---- | M] () -- C:\Documents and Settings\Devansh\Desktop\rabnebanadijodi02(www.songs.pk).mp3
[2009-01-03 13:41:33 | 17,842,981 | ---- | M] () -- C:\Documents and Settings\Devansh\Desktop\The Final Shiva Arth..mp3
[2009-01-02 15:50:39 | 00,163,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\vidstub.sys
[2009-01-02 15:50:02 | 00,000,024 | ---- | M] () -- C:\WINDOWS\LogonStudio.ini
[2009-01-02 10:44:13 | 00,065,536 | ---- | M] () -- C:\WINDOWS\IFinst27.exe
[2009-01-02 09:23:42 | 00,000,801 | ---- | M] () -- C:\Documents and Settings\Devansh\Desktop\ObjectDock.lnk
[2009-01-02 08:50:47 | 00,000,221 | ---- | M] () -- C:\Boot.bak
[2009-01-02 08:43:18 | 00,000,045 | ---- | M] () -- C:\TEST.XML
[2008-12-26 13:13:13 | 00,002,560 | ---- | M] () -- C:\WINDOWS\_MSRSTRT.EXE
[2008-12-20 14:43:27 | 00,000,143 | ---- | M] () -- C:\WINDOWS\WB.ini
[2008-12-20 13:44:27 | 00,045,056 | ---- | M] (Stardust Software) -- C:\WINDOWS\System32\sstunst3.exe
[2008-12-20 13:44:24 | 01,061,188 | ---- | M] () -- C:\WINDOWS\System32\ah.mx1
[2008-12-20 13:44:24 | 00,564,736 | ---- | M] (Stardust Software) -- C:\WINDOWS\System32\ah.scr
[2008-12-20 13:44:24 | 00,020,610 | ---- | M] () -- C:\WINDOWS\System32\ah.ibx
[2008-12-17 16:11:40 | 00,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\TCPIP.SYS.ORIGINAL
[2008-12-17 16:11:40 | 00,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\TCPIP.SYS
[2008-12-17 16:11:40 | 00,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\TCPIP.SYS
[2008-12-17 15:17:16 | 00,412,672 | ---- | M] (JB) -- C:\WINDOWS\System32\VBSKPRO2.OCX
[2008-12-17 15:17:12 | 00,245,248 | ---- | M] (Tools & Components) -- C:\WINDOWS\System32\SEVXPCTL.OCX
[2008-12-17 15:17:12 | 00,145,920 | ---- | M] (Tools & Components) -- C:\WINDOWS\System32\SEVCMD3.OCX
[2008-12-14 18:51:49 | 00,000,784 | ---- | M] () -- C:\Documents and Settings\Devansh\Application Data\mpauth.dat
[2008-12-14 13:59:11 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008-12-12 15:37:32 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2008-12-12 15:37:32 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2008-12-12 12:01:00 | 03,067,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2008-12-12 12:01:00 | 03,067,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2008-12-11 15:40:17 | 00,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2008-12-09 18:24:37 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
< End of report >
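An added triage aid, not a tool from this thread: it parses the O4 "Run Keys" and URLSearchHooks lines of an OTL-style log like the one above, flags the entries the tool marked "File not found" (orphaned autoruns whose registry value no longer points at anything) and entries with no publisher string, and renders the flagged values as OTMoveIt3 ":reg" deletion lines for review. The sample lines are copied from the log above; the rendering assumes OTMoveIt3's .reg-style "name"=- deletion syntax as used later in this thread.

```python
"""Triage helper for OTL / OTViewIt-style logs (added example, not from the thread).

Reads the O4 Run Keys and URLSearchHooks entries, splits each into name, target
and publisher, and flags what a helper looks at first: values the tool marked
"File not found" (orphaned autoruns) and values with no publisher string.  The
flagged values can then be rendered as ":reg" deletion lines in the syntax
OTMoveIt3 accepts ("value"=- under the key header) for review before removal.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: lines copied from the log posted above (O4 Run Keys and
# URLSearchHooks sections), including the key headers the tool writes.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{affa8b5f-909b-492b-952a-bc1b2ac37395}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe ()
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" File not found
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmsDiscount"="C:\Program Files\SmsDiscount.com\SmsDiscount\SmsDiscount.exe" -nosplash -minimized File not found
"Uniblue RegistryBooster 2"=C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S File not found
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")                     # [HKEY_...]
RUN_RE = re.compile(r'^"([^"]+)"=(.*)$')                          # "Name"=target ...
HOOK_RE = re.compile(r'^"(\{[^}]+\})" \((?:HKLM|HKCU)\) -- (.*)$')  # "{CLSID}" (HKLM) -- ...
PUBLISHER_RE = re.compile(r"^(.*?) \(([^()]*)\)$")               # target (Publisher)
ORPHAN_MARK = "File not found"


@dataclass
class Entry:
    key: str                  # registry key header the entry sits under
    name: str                 # value name, or the CLSID for search hooks
    target: str               # path / command as the tool wrote it
    publisher: Optional[str]  # None when the tool could not resolve the file
    orphan: bool              # True when the log says "File not found"


def parse_entries(text: str) -> List[Entry]:
    """Turn the log lines into Entry records; unrelated lines are skipped."""
    entries: List[Entry] = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = RUN_RE.match(line) or HOOK_RE.match(line)
        if not m or key is None:
            continue
        name, rest = m.group(1), m.group(2)
        if rest.endswith(ORPHAN_MARK):
            target = rest[: -len(ORPHAN_MARK)].strip()
            entries.append(Entry(key, name, target, None, True))
            continue
        pm = PUBLISHER_RE.match(rest)
        target, publisher = (pm.group(1), pm.group(2)) if pm else (rest, "")
        entries.append(Entry(key, name, target, publisher, False))
    return entries


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Autorun values whose file the tool could not find: safe to review for removal."""
    return [e for e in entries if e.orphan]


def unsigned(entries: List[Entry]) -> List[Entry]:
    """Values with an empty publisher string: a prompt to check the file, not a verdict."""
    return [e for e in entries if not e.orphan and not e.publisher]


def otmoveit_reg_block(entries: List[Entry]) -> str:
    """Render ':reg' lines that delete the given values, grouped under their key."""
    lines, current = [":reg"], None
    for e in entries:
        if e.key != current:
            lines.append(f"[{e.key}]")
            current = e.key
        lines.append(f'"{e.name}"=-')
    return "\n".join(lines)


if __name__ == "__main__":
    found = parse_entries(SAMPLE_LOG)
    for e in orphaned(found):
        print(f"ORPHAN        {e.name!r} under {e.key}")
    for e in unsigned(found):
        print(f"NO PUBLISHER  {e.name!r} -> {e.target}  (check the file first)")
    print(otmoveit_reg_block(orphaned(found)))
```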
#6
Posted 09 January 2009 - 11:54 PM
Hello, Devansh
In your next reply, please include the following:
BillyIII
We need to execute an OTMoveIt3 script
- Please download OTMoveIt3 by OldTimer and save it to your desktop.
- Double click the http://billy-oneal.com/Canned%20Speeches/speechimages/otmi3/otmi3desktopicon.png icon on your desktop.
- Paste the following code under the http://billy-oneal.com/Canned%20Speeches/speechimages/otmi3/pasteline.png area. Do not include the word "Code".
:files
C:\WINDOWS\system32\drivers\vidstub.sys
:reg
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{affa8b5f-909b-492b-952a-bc1b2ac37395}"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmsDiscount"=-
"Uniblue RegistryBooster 2"=-
:services
MSSQLServerADHelper
BootScreen
:commands
[EmptyTemp]
- Push the large http://billy-oneal.com/Canned%20Speeches/speechimages/otmi3/btnmoveit.png button.
- OTMI3 may ask to reboot the machine. Please do so if asked.
- Copy/Paste the contents under the http://billy-oneal.com/Canned%20Speeches/speechimages/otmi3/results.png line here in your next reply.
- If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
- Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
- Scroll down to where it says "Java Runtime Environment (JRE)6 Update 11...allows end-users to run Java applications".
- Click the "Download" button to the right.
- Select your Platform: "Windows" (OR if you are on a x64 system, "Windows x64")
- Select your Language: "Multi-Language".
- Read the License Agreement, and then check the box that says: "Accept License Agreement".
- Click Continue and the page will refresh.
- Click on the link to download Windows Offline Installation and save the file to your desktop.
- Close any programs you may have running - especially your web browser.
- Go to Start > Settings > Control Panel, double-click on Add/Remove Programs (Or "Uninstall a Program" on Vista) and remove all older versions of Java.
- Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove or Change/Remove button.
- Follow the onscreen instructions for the Java uninstaller.
- Repeat as many times as necessary to remove each Java version.
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on jre-6u10-windows-i586-p.exe (Or jre-6u10-windows-x64.exe for x64 systems).
- Follow the on-screen instructions to install the latest Java version.
I would like us to use ESET (NOD32)'s Online Scanner
- Please go to ESET OnlineScan (NOD32)
- You will then see the Terms of Use, tick the check-box in front of "YES, I accept the Terms of Use"
- Now click Start
- Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
- Click Start
- Note: (the Onlinescanner will now prepare itself for running on your pc)
- To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
- Press Scan
- The Onlinescan will now start and scan your pc (this could take a while)
- When the scan has finished, it will show a screen with two tabs, "overview" and "details", and the option to get information or buy software; just close the window
- Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
- The Scanresults will now open in Notepad
- Click into the text area, right-click and choose "select all" (or use <Control>+A)
- Right-click again and choose "Copy" (or <Control>+C)
- Close/Exit Notepad
- Navigate to this thread and post your log along with anything else requested from us, by right-clicking and choosing "paste" (or ctrl+v) in the text area of the reply post you just created.
You Need to Update Windows (And other Microsoft Software)
Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
If you are using Windows XP or earlier
Visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
If you are using Windows Vista
- Click the "Start Menu" (or Windows Orb)
- Click "All Programs"
- Click "Windows Update"
- On the left, choose "Change Settings"
- Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
- Press OK and accept the UAC prompt.
Note: You shouldn't need to check this checkbox every single time you update, only the first time.
- Click "Check for Updates" in the upper left corner.
- Follow the instructions to install the latest updates.
- Reboot and repeat the "Check for Updates" until there are no more critical updates to install
In your next reply, please include the following:
- OTMoveIt3's Log
- ESET OnlineScan's Log
- A New HiJack This log
BillyIII
#7
Posted 10 January 2009 - 05:37 PM
OTMoveIt3 Log
========== FILES ==========
C:\WINDOWS\system32\drivers\vidstub.sys moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{affa8b5f-909b-492b-952a-bc1b2ac37395} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{affa8b5f-909b-492b-952a-bc1b2ac37395}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SmsDiscount deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Uniblue RegistryBooster 2 deleted successfully.
========== SERVICES/DRIVERS ==========
Service MSSQLServerADHelper stopped successfully.
Service MSSQLServerADHelper deleted successfully.
Service BootScreen stopped successfully.
Service BootScreen deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Devansh\LOCALS~1\Temp\etilqs_fkdE5H2kCRlSulu4SNc3 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Devansh\Local Settings\Application Data\Mozilla\Firefox\Profiles\8poxiw8h.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Devansh\Local Settings\Application Data\Mozilla\Firefox\Profiles\8poxiw8h.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Devansh\Local Settings\Application Data\Mozilla\Firefox\Profiles\8poxiw8h.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Devansh\Local Settings\Application Data\Mozilla\Firefox\Profiles\8poxiw8h.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Devansh\Local Settings\Application Data\Mozilla\Firefox\Profiles\8poxiw8h.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Devansh\Local Settings\Application Data\Mozilla\Firefox\Profiles\8poxiw8h.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Opera cache emptied.
Temp folders emptied.
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01102009_093650
Files moved on Reboot...
File C:\DOCUME~1\Devansh\LOCALS~1\Temp\etilqs_fkdE5H2kCRlSulu4SNc3 not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\Documents and Settings\Devansh\Local Settings\Application Data\Mozilla\Firefox\Profiles\8poxiw8h.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Devansh\Local Settings\Application Data\Mozilla\Firefox\Profiles\8poxiw8h.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Devansh\Local Settings\Application Data\Mozilla\Firefox\Profiles\8poxiw8h.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Devansh\Local Settings\Application Data\Mozilla\Firefox\Profiles\8poxiw8h.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Devansh\Local Settings\Application Data\Mozilla\Firefox\Profiles\8poxiw8h.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Devansh\Local Settings\Application Data\Mozilla\Firefox\Profiles\8poxiw8h.default\XUL.mfl moved successfully.
ESET OnlineScan Log
# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3756 (20090110)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=d2ba982a6f067d4c946f5d942753bdee
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-01-10 04:54:24
# local_time=2009-01-10 11:54:24 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=466043
# found=4
# scan_time=5562
C:\Documents and Settings\Devansh\Incomplete\T-5745425-new york city atc.mp3 WMA/TrojanDownloader.GetCodec.C trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Devansh\Shared\06 Track 6.wma WMA/TrojanDownloader.Wimad.D trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Devansh\Shared\new york city atc.mp3 WMA/TrojanDownloader.GetCodec.C trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Devansh\Shared\shakradaya stuti.mp3 WMA/TrojanDownloader.GetCodec.C trojan (unable to clean - deleted) 00000000000000000000000000000000
HijackThis Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:32:23 PM, on 2009-01-10
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\carpserv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us8l.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://internet.hrbl.../proxy_pac_file
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [LanTalk.NET] C:\Program Files\CEZEO software\LanTalk NET\LanTalk.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [C:\Documents and Settings\Devansh\Desktop\BlackBerry_JDE_Components_4.5.0.exe] C:\Documents and Settings\Devansh\Desktop\BlackBerry_JDE_Components_4.5.0.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: SiteCatalyst ClickMap - {5BB29DC6-4046-4aa1-B590-C29372456BA0} - C:\WINDOWS\Downloaded Program Files\ClickMap.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com
O16 - DPF: bandInstaller - https://sc.omniture....apInstaller.CAB
O16 - DPF: vzTCPConfig - http://www2.verizon....vzTCPConfig.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://udit.taxcut....html/AtxEnc.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...C_2.3.7.109.cab
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2p...bs/QOLCheck.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {55E515F7-0FA2-4610-874E-028107E766A3} (eWebEditProLibCtl3.eWebEditPro) - http://titan.kc.hrbl...webeditpro3.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/b...lineScanner.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {8990AFAD-D352-42AC-A72F-A660BBF6E209} (OfficeScan Management Console) - https://udit.taxcut..../AtxConsole.cab
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - http://192.223.249.9...aDownloader.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...0/installer.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
--
End of file - 9597 bytes
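As an added example (not part of this thread, and not HijackThis's own code), here is a small Python triage helper that parses HijackThis O2/O3/O4/O9/O23 lines in the format shown in the log above and flags the entries a helper usually looks at first: orphaned entries marked "(file missing)", autostarts that are bare filenames or live under a user-writable profile path, and services reported with "Unknown owner". The sample lines are copied from the log above; the flag rules are my own heuristics, and a flag means "review this", not "this is malware".

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a handful of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (file missing)
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKCU\..\Run: [C:\Documents and Settings\Devansh\Desktop\BlackBerry_JDE_Components_4.5.0.exe] C:\Documents and Settings\Devansh\Desktop\BlackBerry_JDE_Components_4.5.0.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: SiteCatalyst ClickMap - {5BB29DC6-4046-4aa1-B590-C29372456BA0} - C:\WINDOWS\Downloaded Program Files\ClickMap.dll (file missing)
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
"""


@dataclass
class Entry:
    code: str                 # HijackThis section, e.g. "O4"
    name: str                 # display name or registry value name
    path: str                 # file or command line the entry points at
    owner: str = ""           # publisher column (O23 services only)
    flags: List[str] = field(default_factory=list)


# Profile and temp locations an ordinary (non-admin) user can write to.
USER_WRITABLE = re.compile(r"\\(Documents and Settings|Users)\\|\\Temp\\|\\Desktop\\", re.I)
# Program part of a command line: optional quotes, then something ending in a binary extension.
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.(?:exe|dll|scr|com))"?(?:\s|$)', re.I)


def executable(cmdline: str) -> str:
    """Return the program part of a command line, dropping quotes and arguments."""
    m = EXE_RE.match(cmdline)
    return m.group("exe") if m else cmdline


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis report line; returns None for lines that are not entries."""
    m = re.match(r"^(?P<code>[RO]\d+) - (?P<body>.+)$", line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    if code == "O4":
        # O4 - HKLM\..\Run: [ValueName] command line
        m4 = re.match(r"^.+?: \[(?P<name>.+?)\] (?P<cmd>.+)$", body)
        return Entry(code, m4.group("name"), m4.group("cmd")) if m4 else None
    # Other O-lines: "<kind>: <name> - {CLSID or owner} - <path>"
    parts = body.split(" - ")
    head = parts[0]
    name = head.split(": ", 1)[1] if ": " in head else head
    path = parts[-1] if len(parts) > 1 else ""
    owner = parts[1] if code == "O23" and len(parts) == 3 else ""
    return Entry(code, name, path, owner)


def triage(entry: Entry) -> Entry:
    """Attach review flags (heuristics of this example, not HijackThis's own verdicts)."""
    if "(file missing)" in entry.path:
        entry.flags.append("orphaned: target file missing")
    if entry.code == "O23" and entry.owner == "Unknown owner":
        entry.flags.append("service with no publisher information")
    if entry.code == "O4":
        exe = executable(entry.path)
        if "\\" not in exe:
            entry.flags.append("bare filename: resolved via search path, verify where it really lives")
        elif USER_WRITABLE.search(exe):
            entry.flags.append("autostart from a user-writable location")
    return entry


def triage_log(text: str) -> List[Entry]:
    """Parse a whole HijackThis log and return only the entries that picked up a flag."""
    flagged = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry and triage(entry).flags:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(f"{e.code:<4} {e.name}\n     {e.path}\n     -> {'; '.join(e.flags)}")
```

Run against the sample it flags five of the seven lines; the Java BHO and ctfmon.exe entries pass through unflagged.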
#8
Posted 10 January 2009 - 09:13 PM
Hello, Devansh
Congratulations! You now appear clean! :cool:
Are things running okay? Do you have any more questions?
System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware
We Need to Clean Up Our Mess
- Please reopen http://billy-oneal.com/Canned%20Speeches/speechimages/otmi3/otmi3desktopicon.png on your desktop.
- Push the large "Cleanup" button
- Allow your system to reboot
Windows' "System Restore" feature can cause malware files to be cached and retained by your system. Resetting System Restore will clean these files from your system, and will allow you to use System Restore without fear of reinfection.
- Go to Start > Programs > Accessories > System Tools and click "System Restore".
- Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
- Then go to Start > Run and type: Cleanmgr
- Click "OK".
- Click the "More Options" Tab.
- Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
You will not be able to restore the computer to any point earlier than today!
Recommendations
Below are some recommendations to lower your chances of (re)infection.
- Install Spyware Blaster and update it regularly
If you wish, the commercial version provides automatic updating.
- Install the MVPs hosts file, and update it regularly
You can use the HostMan host file manager to do this automatically if you wish.
For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
- Install an Anti-Spyware program, and update it regularly
Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
SUPERAntiSpyware is another good scanner with high detection and removal rates.
Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
- Keep Windows (and your other Microsoft software) up to date!
I cannot stress enough how important this is. Often, holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
If you are using Windows XP or earlier
Visit the Microsoft Update website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
If you are using Windows Vista
- Click the "Start Menu" (or Windows Orb)
- Click "All Programs"
- Click "Windows Update"
- On the left, choose "Change Settings"
- Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
- Press OK and accept the UAC prompt.
Note: You shouldn't need to check this checkbox every single time you update, only the first time.
- Click "Check for Updates" in the upper left corner.
- Follow the instructions to install the latest updates.
- Reboot and repeat the "Check for Updates" until there are no more critical updates to install
- Keep your other software up to date as well
Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
- Stay up to date!
The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :(.
BillyIII
#9
Posted 13 January 2009 - 03:38 AM
This thread is being closed because it has been resolved. If you would like it to be reopened please contact me or another member of the Moderating team.
As always, we'd like to thank you for using 247fixes. Have a great day!
This only applies to the original poster; if you're not the original poster, please start a new topic in this forum.